I'm no PHP expert, but I do have some experience with it.

I believe that the difference between sessions and cookies is that seesions are stored on the server, and cookies are stored on the user's machine.

"Also, I mean, should my script just poll the database for an entry with a matching email, check the password and then set the session values??"
--Yes

"Oh and as for storing password... MD5 encryption the way to go?"
--I've used SHA1 (http://us3.php.net/sha1). Not sure if one is better than the other.


-----------------------------
There is no such thing as coincidence, just the illusion of coincidence itself.

Sign up: http://www.thecollegeforecast.com

My Site: http://trevordavis.net/