Hello, today I figured out why users are logged out when you have two wikis on the smae server that share their session cookie: It was because the salt for encrypting the password was different in the two wiki instances. After copying data/meta_htcookiesalt from one instance to the other, everything works fine now. However, I can't figure out why the code in auth_login is implemented the way it is implemented. As far as I understand, the cookie data (username and password) is "cached" in the session, after the cache expires (the cache lifetime is stored in $conf['auth_security_timeout']) the cookie data is sent to the auth class. But why store the data in the cookie at all? Wouldn't a session suffice? The code is very clever, I understand what it does, but I don't understand the reason behind it. Can anyone explain? Greetings, Gabriel -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist