The system introduced by Technoweenie in his Acts as Authenticated design is quite good, but unfortunately it relies on sessions and it is the author's opinion that doubling the cookie and sess_id is just plain foolish. If you are interested in doubling the speed of your application by going session-less, follow the instructions in this article: http://www.mathewabonyi.com/articles/2006/07/29/authenticated-cookie-safe-fast.