Thanks for that clarification.
You said something in another thread about not using passwords at all since it'd be available in the user's dev console at any time, or something to that extent. What about that?
The way I do it now is I have a single index.php which is used for logging in, authing against a MySQL DB, returning a session string, loading the game (via echo from wihtin the PHP file) and passing that session string into the game by setting it as a cookie with PHP, and then loading it up in-game by using the Cookie plugin.
What is your take on such a solution? Better or worse than what you just suggested?