But is it possible to use sessions? I mean, any web site can request your cookies right? If they do they have the md5 of your password, correct? As for being within a high availability enviornment, I see our point but using sessions is still possible between servers. Is anyone else concerned about this?
