deathshadow pointed out good practices to use on login and good ethics on PHP coding.
One thing I don't suggest is storing the actual user table id to identify the user after logging in. What I suggest is...