Best way to implement AUTO LOG IN option in php

I have read several solutions such开发者_如何学Python as http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/

Now I understand you have to use Cookies but what's the most optimal/safest way to implement Auto Log in feature.

let's say we have a users table that contains user's account, email, password, etc

What about having a separate Session table that holds

session_id, ip, user_agent, user_id.

You save the session_id in a cookie and once the person visits the website again, the page pulls up a cookie and gets session_id. You then compare current ip and user agent to the ones stored in Session table. After that, you pull up user's data based on user_id from users table.

How does that solution sound?

You could use an ip address and if they don't match then they simply have to log in again.

Then you can compare the data and time with the one in the cookie, if different then they have to log back in.

You can also create a unique random number for them. This would change every time and you could compare that.

So, yea what you said would work just fine. Have a sessions table to keep track of the auto logins. I would at least add a date/time field as well.

Don't store the username and password in the cookie though, even if it's hashed. You should not have to do this for an auto login.