I am sure Netscape is aware of it considering Cookies are a feature not = a bug. What this really allows you to do is maintain client information = in a connectionless client. In short, any server can write data to your = cookie file. When you connect to that site in the future, based on the = parameters in the cookie file, you client will then feed the cookie = information back to the host. There are security considerations = implemented in Netscape and others that prevent misuse. For instance, = the server can only set cookies of a certain length. Several paramaters = are required such as time to live. And the server can only set cookies = at the .domain.domain level, and they must match the servers site. = Meaning, Cookies have to be set to the host level and have at leat 2 = periods in the address. Also, this prevents my site from adding a = cookie to your site. Again, all of this is mute considering the information is not taken from = a client, but given by the client whenever browsing a host that matches = an entry in the cookies file. The server then can get the information = from the server's environment under $ENV{"HTTP_COOKIES"}. The only = security problem I see is servers using this information to cache and = automatically parse a users password for their site. However, this is = no less secure than using .htaccess files or their equiv considering = they are clear text as well. However, there is a secure option in = cookies that will let the client know to only transmit the cookie when = connected to a secure server. A couple of sites with more info are: http://www.emf.net/~mal/cookiesinfo.html http://www.illuminatus.com/cookie Cheers, Tim [ Quoted Item Deleted - RuF]