Yeah you’re right, I created a simple cookie vs last login ip for the auth token and am just checking to see if the auth still exist for the session. I am trying to keep it bare bones. Is there any real danger to storing the auth token in the cookie plain if I am checking every single page against the login ip?