Index: wp-login.php
===================================================================
--- wp-login.php	(revision 6360)
+++ wp-login.php	(working copy)
@@ -288,7 +288,6 @@
 default:
 	$user_login = '';
 	$user_pass = '';
-	$using_cookie = FALSE;
 
 	if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() )
 		$redirect_to = 'wp-admin/';
@@ -296,25 +295,31 @@
 		$redirect_to = $_REQUEST['redirect_to'];
 
 	if ( $http_post ) {
+		// If cookies are disabled we can't log in even with a valid user+pass
+		if ( empty($_COOKIE[TEST_COOKIE]) )
+			$errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
+		
 		$user_login = $_POST['log'];
 		$user_login = sanitize_user( $user_login );
 		$user_pass  = $_POST['pwd'];
 		$rememberme = $_POST['rememberme'];
+
+		do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
 	} else {
-		$cookie_login = wp_get_cookie_login();
-		if ( ! empty($cookie_login) ) {
-			$using_cookie = true;
-			$user_login = $cookie_login['login'];
-			$user_pass = $cookie_login['password'];
+		$user = wp_validate_auth_cookie();
+		if ( !$user ) {
+			$errors['expiredsession'] = __('Your session has expired.');
+		} else {
+			$user = new WP_User($user);
+
+			// If the user can't edit posts, send them to their profile.
+			if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
+				$redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
+			wp_safe_redirect($redirect_to);
+			exit();
 		}
 	}
 
-	do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
-
-	// If cookies are disabled we can't log in even with a valid user+pass
-	if ( $http_post && empty($_COOKIE[TEST_COOKIE]) )
-		$errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
-
 	if ( $user_login && $user_pass && empty( $errors ) ) {
 		$user = new WP_User(0, $user_login);
 
@@ -322,15 +327,11 @@
 		if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
 			$redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
 
-		if ( wp_login($user_login, $user_pass, $using_cookie) ) {
-			if ( !$using_cookie )
-				wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
+		if ( wp_login($user_login, $user_pass) ) {
+			wp_setcookie($user_login, $user_pass, false, '', '', $rememberme);
 			do_action('wp_login', $user_login);
 			wp_safe_redirect($redirect_to);
 			exit();
-		} else {
-			if ( $using_cookie )
-				$errors['expiredsession'] = __('Your session has expired.');
 		}
 	}
 
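Review bot: The plaintext password is still threaded into wp_setcookie() on the new line even though wp_setcookie() no longer needs it for the cookie, and `$user` (the WP_User built just above this hunk) already carries the ID. Calling `wp_set_auth_cookie($user->ID, $rememberme);` directly keeps the secret out of one more call frame and avoids the second get_userdatabylogin() lookup that wp_setcookie() performs. The enclosing block begins before this hunk.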
Index: wp-includes/compat.php
===================================================================
--- wp-includes/compat.php	(revision 6360)
+++ wp-includes/compat.php	(working copy)
@@ -147,6 +147,27 @@
 	}
 }
 
+if ( ! function_exists('hash_hmac') ):
+function hash_hmac($algo, $data, $key, $raw_output = false) {
+	$packs = array('md5' => 'H32', 'sha1' => 'H40');
+
+	if ( !isset($packs[$algo]) )
+		return false;
+
+	$pack = $packs[$algo];
+
+	if (strlen($key) > 64)
+		$key = pack($pack, $algo($key));
+	else if (strlen($key) < 64)
+		$key = str_pad($key, 64, chr(0));
+        
+	$ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64));
+	$opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));
+
+	return $algo($opad . pack($pack, $algo($ipad . $data)));
+}
+endif;
+
 // Added in PHP 4.3.0?
 if (!defined('IMAGETYPE_GIF'))
     define('IMAGETYPE_GIF', 1);
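Review bot: The `$raw_output` parameter of the hash_hmac() polyfill is accepted but never used, so on hosts that fall back to it a call with `true` returns a hex digest where native PHP returns raw bytes, and the same code yields different values per host. Honour it at the return: `$digest = $algo($opad . pack($pack, $algo($ipad . $data)));` followed by `return $raw_output ? pack($pack, $digest) : $digest;`. A one-line header comment noting that md5 and sha1 share a 64-byte block size (which is why the key is hashed only when longer than 64 bytes) would also help the next reader.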
Index: wp-includes/pluggable.php
===================================================================
--- wp-includes/pluggable.php	(revision 6360)
+++ wp-includes/pluggable.php	(working copy)
@@ -46,14 +46,12 @@
 	if ( ! empty($current_user) )
 		return;
 
-	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
-		!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
+	if ( ! $user = wp_validate_auth_cookie() ) {
 		wp_set_current_user(0);
 		return false;
 	}
 
-	$user_login = $_COOKIE[USER_COOKIE];
-	wp_set_current_user(0, $user_login);
+	wp_set_current_user($user);
 }
 endif;
 
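Review bot: The assignment inside the condition on the new `if ( ! $user = wp_validate_auth_cookie() )` line reads as a comparison at a glance and is easy to mis-edit into one. Splitting it as `$user = wp_validate_auth_cookie();` followed by `if ( ! $user ) {` costs one line and makes the intent explicit. The enclosing function starts before this hunk.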
@@ -293,7 +291,7 @@
 endif;
 
 if ( !function_exists('wp_login') ) :
-function wp_login($username, $password, $already_md5 = false) {
+function wp_login($username, $password, $deprecated = false) {
 	global $wpdb, $error;
 
 	$username = sanitize_user($username);
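Review bot: The renamed `$deprecated` argument is now silently ignored, so plugin code that still passes a double-md5 cookie value with `true` will have that value checked as a plaintext password and fail with no hint why. A one-line comment above the signature such as `// $deprecated was $already_md5; cookie sessions are now verified by wp_validate_auth_cookie(), so this flag is ignored` records the change for callers. The function body continues past the hunk.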
@@ -313,26 +311,68 @@
 		return false;
 	}
 
-	// If the password is already_md5, it has been double hashed.
-	// Otherwise, it is plain text.
-	if ( !$already_md5 ) {
-		if ( wp_check_password($password, $login->user_pass) ) {
-			// If using old md5 password, rehash.
-			if ( strlen($login->user_pass) <= 32 ) {
-				$hash = wp_hash_password($password);
-				$wpdb->query("UPDATE $wpdb->users SET user_pass = '$hash', user_activation_key = '' WHERE ID = '$login->ID'");
-				wp_cache_delete($login->ID, 'users');
-			}
+	if ( !wp_check_password($password, $login->user_pass) ) {
+		$error = __('<strong>ERROR</strong>: Incorrect password.');
+		return false;
+	}
 
-			return true;
-		}
+	// If using old md5 password, rehash.
+	if ( strlen($login->user_pass) <= 32 ) {
+		$hash = wp_hash_password($password);
+		$wpdb->query("UPDATE $wpdb->users SET user_pass = '$hash', user_activation_key = '' WHERE ID = '$login->ID'");
+		wp_cache_delete($login->ID, 'users');
+	}
+
+	return true;
+}
+endif;
+
+if ( !function_exists('wp_validate_auth_cookie') ) :
+function wp_validate_auth_cookie($cookie = '') {
+	if ( empty($cookie) ) {
+		if ( empty($_COOKIE[AUTH_COOKIE]) )
+			return false;
+		$cookie = $_COOKIE[AUTH_COOKIE];
+	}
+
+	list($username, $expiration, $hmac) = explode('|', $cookie);
+
+	if ( $expiration < time() )
+		return false;
+
+	$user = get_userdatabylogin($username);
+	if ( ! $user )
+		return false;
+
+	$key = wp_hash($username . $expiration);
+	$hash = hash_hmac('md5', $username . $expiration, $key);
+	
+	if ($hmac != $hash)
+		return false;
+
+	return $user->ID;
+}
+endif;
+
+if ( !function_exists('wp_set_auth_cookie') ) :
+function wp_set_auth_cookie($user_id, $remember = false) {
+	$user = get_userdata($user_id);
+
+	if ( $remember ) {
+		$expiration = $expire = time() + 1209600;
 	} else {
-		if ( md5($login->user_pass) == $password )
-			return true;
+		$expiration = time() + 172800;
+		$expire = 0;
 	}
 
-	$error = __('<strong>ERROR</strong>: Incorrect password.');
-	return false;
+	$key = wp_hash($user->user_login . $expiration);
+	$hash = hash_hmac('md5', $user->user_login . $expiration, $key);
+
+	$cookie = $user->user_login . '|' . $expiration . '|' . $hash;
+
+	setcookie(AUTH_COOKIE, $cookie, $expire, COOKIEPATH, COOKIE_DOMAIN);
+	if ( COOKIEPATH != SITECOOKIEPATH )
+		setcookie(AUTH_COOKIE, $cookie, $expire, SITECOOKIEPATH, COOKIE_DOMAIN);
 }
 endif;
 
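Review bot: In wp_validate_auth_cookie() and wp_set_auth_cookie() the signed string is `$username . $expiration` with no delimiter, so one hmac covers every split of that string: a cookie issued to a login ending in a digit (say `admin2|1195000000|…`) re-splits as `admin|21195000000|…` and validates for `admin` with a far-future expiration, provided that login exists. Put the same separator the cookie itself uses into the signed data in both functions, `$key = wp_hash($username . '|' . $expiration);` and `hash_hmac('md5', $username . '|' . $expiration, $key)`, and compare with `if ( $hmac !== $hash )` so PHP's loose comparison cannot treat two numeric-looking digests as equal. `list(...) = explode('|', $cookie)` also emits a notice and leaves `$hmac` unset when the cookie has fewer than three fields; checking the field count before destructuring keeps that failure quiet.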
@@ -350,9 +390,9 @@
 if ( !function_exists('auth_redirect') ) :
 function auth_redirect() {
 	// Checks if a user is logged in, if not redirects them to the login page
-	if ( (!empty($_COOKIE[USER_COOKIE]) &&
-				!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
-			 (empty($_COOKIE[USER_COOKIE])) ) {
+	if ( (!empty($_COOKIE[AUTH_COOKIE]) &&
+				!wp_validate_auth_cookie($_COOKIE[AUTH_COOKIE])) ||
+			 (empty($_COOKIE[AUTH_COOKIE])) ) {
 		nocache_headers();
 
 		wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
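Review bot: The new condition is equivalent to `!wp_validate_auth_cookie()`, since wp_validate_auth_cookie() already returns false when AUTH_COOKIE is empty and reads it from $_COOKIE itself; the two-clause form with the explicit cookie argument only restates that. Collapse it to `if ( !wp_validate_auth_cookie() ) {`. auth_redirect()'s body continues past the hunk.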
@@ -379,19 +419,18 @@
 	if ( !wp_verify_nonce( $nonce, $action ) ) {
 		$current_name = '';
 		if ( ( $current = wp_get_current_user() ) && $current->ID )
-			$current_name = $current->data->user_login;
+			$current_name = $current->user_login;
 		if ( !$current_name )
 			die('-1');
 
+		$auth_cookie = '';
 		$cookie = explode('; ', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie
 		foreach ( $cookie as $tasty ) {
-			if ( false !== strpos($tasty, USER_COOKIE) )
-				$user = substr(strstr($tasty, '='), 1);
-			if ( false !== strpos($tasty, PASS_COOKIE) )
-				$pass = substr(strstr($tasty, '='), 1);
+			if ( false !== strpos($tasty, AUTH_COOKIE) )
+				$auth_cookie = substr(strstr($tasty, '='), 1);
 		}
 
-		if ( $current_name != $user || !wp_login( $user, $pass, true ) )
+		if ( $current_name != $user || empty($auth_cookie) || !wp_validate_auth_cookie( $auth_cookie ) )
 			die('-1');
 	}
 	do_action('check_ajax_referer');
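Review bot: `$user` is no longer assigned anywhere in the new code (the lines that filled it from USER_COOKIE were removed), so `$current_name != $user` on the changed line compares a non-empty login against null and is always true, and the cookie fallback now dies with -1 on every nonce miss. Compare the validated identity instead: `if ( empty($auth_cookie) || $current->ID != wp_validate_auth_cookie( $auth_cookie ) )` then `die('-1');`, which also ties the posted cookie to the current user rather than to any valid account. check_ajax_referer()'s signature is above the hunk.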
@@ -483,42 +522,18 @@
 endif;
 
 if ( !function_exists('wp_setcookie') ) :
-function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
+function wp_setcookie($username, $password = '', $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
 	$user = get_userdatabylogin($username);
-	if ( !$already_md5) {
-		$password = md5($user->user_pass); // Double hash the password in the cookie.
-	}
-
-	if ( empty($home) )
-		$cookiepath = COOKIEPATH;
-	else
-		$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' );
-
-	if ( empty($siteurl) ) {
-		$sitecookiepath = SITECOOKIEPATH;
-		$cookiehash = COOKIEHASH;
-	} else {
-		$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' );
-		$cookiehash = md5($siteurl);
-	}
-
-	if ( $remember )
-		$expire = time() + 31536000;
-	else
-		$expire = 0;
-
-	setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN);
-	setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN);
-
-	if ( $cookiepath != $sitecookiepath ) {
-		setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
-		setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);
-	}
+	wp_set_auth_cookie($user->ID, $remember);
 }
 endif;
 
 if ( !function_exists('wp_clearcookie') ) :
 function wp_clearcookie() {
+	setcookie(AUTH_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+	setcookie(AUTH_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+
+	// Old cookies
 	setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
 	setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
 	setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
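Review bot: wp_setcookie() now dereferences `$user->ID` without checking that get_userdatabylogin() found the login, so an unknown username produces a notice and a cookie keyed on a null ID instead of nothing; add `if ( !$user ) return;` before the wp_set_auth_cookie() call. The `$password`, `$already_md5`, `$home` and `$siteurl` parameters are kept but ignored, which silently drops the custom cookie-path behaviour the removed lines derived from `$home`/`$siteurl`; a comment above the signature stating that paths now always come from COOKIEPATH/SITECOOKIEPATH and that the other arguments are accepted only for backwards compatibility would make that explicit.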
@@ -697,7 +712,12 @@
 	if ( empty($salt) )
 		$salt = DB_PASSWORD . DB_USER . DB_NAME . DB_HOST . ABSPATH;
 
-	return $salt;
+	if ( ! defined('SECRET_KEY') )
+		$secret_key = 'shhhh';
+	else
+		$secret_key = SECRET_KEY;
+		
+	return $salt . $secret_key;
 }
 endif;
 
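Review bot: When SECRET_KEY is undefined the salt falls back to the fixed string `'shhhh'`, which is also the value shipped in wp-config-sample.php, so on any site that never edited it the "secret" adds nothing beyond the DB credentials and ABSPATH already in `$salt` — and wp_hash(), which the new auth-cookie hmac appears to be keyed on, presumably mixes in nothing else. Rather than a constant fallback, generate a random value once and persist it (an option row) when SECRET_KEY is missing or still equals the sample default, and consider surfacing an admin notice so the operator sets a real key. wp_salt() begins before this hunk.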
Index: wp-config-sample.php
===================================================================
--- wp-config-sample.php	(revision 6360)
+++ wp-config-sample.php	(working copy)
@@ -6,6 +6,7 @@
 define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value
 define('DB_CHARSET', 'utf8');
 define('DB_COLLATE', '');
+define('SECRET_KEY', 'shhhh'); // Change this to something unique
 
 // You can have multiple installations in one database if you give each a unique prefix
 $table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!
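Review bot: The sample value `'shhhh'` is the same string wp_salt() falls back to when the constant is undefined, so an operator who leaves this line as-is gains nothing, and the comment does not say how strong the value should be. Reword it along the lines of `define('SECRET_KEY', 'put your unique phrase here'); // Change this to a long, random string; the default is public and adds no protection`.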
Index: wp-settings.php
===================================================================
--- wp-settings.php	(revision 6360)
+++ wp-settings.php	(working copy)
@@ -186,9 +186,11 @@
 }
 
 if ( !defined('USER_COOKIE') )
-	define('USER_COOKIE', 'wordpressuser_'. COOKIEHASH);
+	define('USER_COOKIE', 'wordpressuser_' . COOKIEHASH);
 if ( !defined('PASS_COOKIE') )
-	define('PASS_COOKIE', 'wordpresspass_'. COOKIEHASH);
+	define('PASS_COOKIE', 'wordpresspass_' . COOKIEHASH);
+if ( !defined('AUTH_COOKIE') )
+	define('AUTH_COOKIE', 'wordpress_' . COOKIEHASH);
 if ( !defined('TEST_COOKIE') )
 	define('TEST_COOKIE', 'wordpress_test_cookie');
 if ( !defined('COOKIEPATH') )
