I've never "Learnt" how to make a login script just sort of assumed how to do it so i was wondering if my way was bad lol, here's a description.

Username and password stored in database (password md5'ed).

When the user attempts to login then it will check the database to see if the info matches.

If all is well at this point then in a sessions table it will insert the username, a random code and there IP address.

Then a cookie is set with a base64 encoded serialized array, in the array is the id of the session in the database, username and random code.

Then if they try to view a members page it will check that the info from the cookie and the users ip address matches that in the database.

Is this bad ? lol

Make sense? :)