On Tue, 2004-09-14 at 11:30, Andreas Jung wrote: > You really don't want to send user+password encrypted or unencrypted as > cookie. > This is a very bad practise! Instead you might send some token e.g. like > the __ac > token used by Zope. The __ac token used by Cookie Crumbler is just the base64 encoded username and password, AFAIK. - C