View Full Version : Cookies


Crash1hd
05-08-2003, 09:02 PM
I was wondering, if I create a login page that has a checkmark to allow people to stay logged in on my site, what stops someone from cloning a cookie and logging in as someone else?

For example, if I were to be at a friend's house, take his temp folder files like the cookie, put them on a floppy, take them to my house, put them in the temp folder of mine and then go to the members page on the site, would it allow me in?

thickandthin
05-11-2003, 01:31 AM
That's a good question and a little off topic but I have no idea...

liorean
05-11-2003, 01:44 AM
I believe there is an additional layer of security there, in that a cookie is user-specific. I don't know if it's a regular text file or if it's encoded either, but I guess it isn't. Anyway, Win9x might allow this, but in Win2k and other NT-based Windows versions, the temporary internet files are put in the user directory and normally only the user himself (or herself) has access to it.

Also, cookies are sent as plain text in the HTTP header, so it's not very safe in any case. That's why most sites using cookies have either a disclaimer about its lack of security, or tell the user to NOT use a valuable password. They usually ask if the user wants to store the username/password across sessions, too.
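
Added example, not part of the original thread or any poster's code: one common way to limit the cookie-copying problem asked about above is to put only a random, single-use token in the "stay logged in" cookie instead of the username/password, rotate it on every use, and revoke it when an already-used copy shows up. The in-memory `_store`, the cookie name `remember` and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory store: series id -> (username, SHA-256 of current token).
# A real site would keep this in its database; only the hash is stored.
_store = {}

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue(username):
    """Create a new 'stay logged in' cookie value for a user who just logged in."""
    series = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    _store[series] = (username, _digest(token))
    return f"{series}:{token}"

def redeem(cookie_value):
    """Validate a cookie. Returns (username, replacement_cookie) or (None, None)."""
    series, sep, token = cookie_value.partition(":")
    record = _store.get(series)
    if not sep or record is None:
        return None, None
    username, expected = record
    if not hmac.compare_digest(expected, _digest(token)):
        # Known series but stale token: the cookie was copied and one copy
        # was already used. Revoke the series so both copies stop working.
        del _store[series]
        return None, None
    # Single use: rotate the token so the value just presented is now dead.
    new_token = secrets.token_urlsafe(32)
    _store[series] = (username, _digest(new_token))
    return username, f"{series}:{new_token}"

def set_cookie_header(cookie_value):
    """Secure keeps the cookie off plain HTTP; HttpOnly hides it from page scripts."""
    return (f"Set-Cookie: remember={cookie_value}; Max-Age=2592000; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")
```

A copied cookie is still accepted if it is presented before the owner's next visit; rotation only ensures that two copies cannot both keep working, and the `Secure` attribute addresses the plain-text HTTP exposure mentioned in the thread.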