
Storing information in cookie to remember login

I want to store some of the user information (hashed) in a cookie to remember the login to sign in automatically. In order to make it relatively secure, I'd add user browser information with HTTP_USER_AGENT, which will be something like: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3. I won't add the user IP, as the dynamic IP changes every time. Is there any other user-specific information which I can store in the hashed cookie to make it a bit secure to prevent cookie stealing etc.? Thanks.


This is a perfect example of security through obscurity. It does not make the system more secure, because the additional info can be easily forged by attackers.

I recommend that you store the user ID from the database in the session and store the session ID in the cookie. That should be enough.

Also, you can make your sessions more secure by applying patches for the most common session attacks:

  • Session fixation
  • Session hijacking
  • Session poisoning
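
The session-ID approach recommended above, next to the question's User-Agent hash, as an added Python example that is not part of the original answer. `SessionStore`, `ua_bound_cookie`, the in-memory dict and the 14-day lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 14 * 24 * 3600  # assumed "remember me" lifetime, in seconds


def ua_bound_cookie(user_id, user_agent):
    # The question's scheme (constructed): a pure function of replayable inputs.
    return hashlib.sha256(f"{user_id}|{user_agent}".encode()).hexdigest()


class SessionStore:
    """In-memory stand-in for a server-side session table (hypothetical)."""

    def __init__(self):
        self._rows = {}  # sha256(session ID) -> (user_id, expires_at)

    @staticmethod
    def _key(token):
        # Keep only a digest so a leaked table cannot be replayed as cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id, presented_token=None, now=None):
        """Issue a fresh random ID at login; never adopt one the client sent."""
        now = time.time() if now is None else now
        if presented_token is not None:
            self._rows.pop(self._key(presented_token), None)  # fixation defence
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._key(token)] = (user_id, now + SESSION_TTL)
        return token  # the only value that goes into the cookie

    def lookup(self, token, now=None):
        """Return the user ID for a live session, or None."""
        now = time.time() if now is None else now
        row = self._rows.get(self._key(token))
        if row is None or row[1] <= now:
            self._rows.pop(self._key(token), None)  # drop expired rows
            return None
        return row[0]

    def logout(self, token):
        self._rows.pop(self._key(token), None)  # server-side revocation


def cookie_attributes(token):
    # Keep the ID away from scripts and off plaintext connections.
    return f"sid={token}; Max-Age={SESSION_TTL}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

The random ID carries no user data, changes at every login, and can be expired or revoked on the server, none of which holds for a hash of the user ID and User-Agent.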