I can only find login tutorials using cookies, but I want a login system using sessions (also I want to know what is better, using cookies or seesions?). Thanks.

your own application generated sessions or php sessions?
php sessions use cookies btw.

http://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial_s&hl=en&q=php+session+login+-cookie&btnG=Google+Search

i like the idea of keeping everything in the "session" portion (used lightly) of the code, but session ids can be sniffed (i don't know how, i need to google it) and someone can take over that session.

cookies are typically used with sessions for they are placed on the clients computer once they log in and your script calls checks the cookies presence on each page. so it won't matter if someone gets the id of your session, because they won't have the cookie, but im pretty sure there is a way for someone to hack (mock i guess) cookies...

sorry for my lack of certainty. id rather not feed false info, and its been a little while since my last time looking at this stuff.

the problem is that clients can turn off cookies... you could force them to have them on to view your site, but it's your prerogative.

for really secure access use ssl... (https:\\...), but it was mentioned to me before that for the most part a good well patched session/cookie login can be good enough for everyday use. they said its very unlikely that your site will get hacked...

so, other people, help me out...