The idea behind “remember me” is that it’s an option that lasts between logins and sessions. This is best implemented as a separate cookie that you can set if the user checks the box. If “remember me” means that the application should log you back in if the policy has expired, then simply store a signed cookie that never expires. Then when the application raises an HTTPForbidden because the user isn’t logged in, you can check for the cookie, see that they wanted to be remembered, log them back in, and redirect them back to where they were trying to go. That’s just one option, depending on what you mean by “remember me”.

Configuring Pyramid’s Default Session Factory

If you are using the UnencryptedCookieSessionFactoryConfig session factory, then you need to pass an appropriate value for the cookie_max_age argument. The timeout parameter is also checked, which is a signed timestamp stored within the cookie. Combined with max_age, the actual expiration time of the session would be the minimum of max_age and timeout.

http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/api/session.html#pyramid.session.UnencryptedCookieSessionFactoryConfig

Creating Custom Cookies

To set a custom cookie you simply need to call response.set_cookie() with the parameters you’d like. If you are using a renderer then you can access the response object that’s used via request.response. Otherwise if you are manually creating a response object yourself, just set it there.

http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/api/response.html#pyramid.response.Response.set_cookie