Before asking i searched SO and found this answer which essentially says GUID are predictable and thus should never be used for anything random. But from my understanding i disagree. However this question is about squishing a GUID

From my understanding a GUID is made of part MAC address, time and random number. I dont know what part of the GUID is what but this function essentially uses it as 2 64bit ints and XOR them together. I currently use the result as 1) A reset key for people who want to reset their password. 2) Login key. When you login it sets the key in the db and cookie. Everytime you visit the site it checks to see if the cookie matches the userid and loginkey with the databases.

Is this secure? To me it feels random enough. The bytes aren't use to encrypt things and even if you know when a person logged in down to the 100milliseconds i doubt it can guess it (keep in mind checking is via network connection, not checking the DB directly in which case you have/can see the value already)

Is there a problem with this use?

public static Int64 GuidInt64(bool noZero=true)
{
    Int64 randNum;
    do
    {
        var g = Guid.NewGuid();
        var buf = g.ToByteArray();
        var l0 = BitConverter.ToInt64(buf, 0);
        var l1 = BitConverter.ToInt64(buf, 8);
        randNum = l0 ^ l1;
    } while (noZero && randNum == 0);
    return randNum;
}

"Secure enough" is relative, and varies based on how sensitive the data is that you're protecting, and the likelihood of an attack.

On a banking system I'd have doubts, but on a site like StackOverflow, where there's not much sensitive data or not much that can be done with a stolen identity (except trash a reputation) I'd say it's secure enough.

It all boils down to risk and reasonable mitigation of the risk.

That said, with so many good, existing encryption algorithms, it's still better to use a one-way hash to store username and password, or other similar security keys.

Why are you using a GUID at all?

using (var rng = new System.Security.Cryptography.RNGCryptoServiceProvider())
{
    byte[] inBytes = new byte[4];
    rng.GetBytes(inBytes);
    return BitConverter.ToInt64(inBytes,0);
}

you may also want to check for collisions before accepting the generated value.