> I am thinking about storing session cookies instead of using session 

> variables. However, one thing I am unsure of is that can a user manually 

> change the content of the cookies assigned to him?

> 

> for example, if I want to have a site protected only by ASP based on 

> session cookies, is it possible that he manually edits his information 

in 

> the cookies and elevate his own privilege? (I wasn't able to do that in 

> neither netscape nor ie, but I am not certain if there is other methods 

I 

> am unawared of)

> 

> thanks 



once a cookie file is opened it is rendered useless and will not be passed 

on for further information

cheers 

Laurence