I've been mucking about with this login class and have been starting to make some alterations. Wondered if i pick some more advanced php-ers brains. I want to verify someone is logged in without creating an object so I changed the verifyAccess method to static and call it like this:

/* Verify access */
Login::verifyAccess();
if (false)
{
$login = new Login;

/* Include the HTML for the form */
require_once('./lib/form.php');
}

Any thoughts on this? When you declare a method as static does that mean you are allowing it to be called when there is no object instantiated or specifying it can ONLY be called when no object is instantiated?

Also - any thoughts on the difference between using sessions as opposed to cookies to manage logins. I've always used cookies in the past and i know sessions are server side and probably safer but in my use of this script i want a user "logged in" indefinitely so once they log in they'll never have to login again unless they logout. I know a cookie is perfect for this as i've done it before maybe setting the cookie expiry for a year or something but can I do the same thing with a session or is it ill-suited as essentially you are storing such data on the server? Any advice on this? Cheers.