ok, i'm just getting into cookies and wanted to throw this question out there to those of you who are smarter than I in that dept. basically, how bad(unsafe and all that good stuff) is it to store user information in a cookie once they're logged in? can one easily modify their cookie to pretend to be me? is readinga cookie a good enough answer to authentication?(we're doing it now..) just high level for now i guess.. any thoughts?