I have a really, really poor understanding of security and safety when building websites – what I want to do is store the information the user enters to log in into a cookie so that I can do two things:
- Check the cookie from flash (via a php file) to grab information about a logged in user (if at all). This will be used for highscore APIs, etc.
- Automatically log in a user when they come back to my site.
The site itself doesn’t really have any important information etc., so I mean it doesn’t have to be the most secure thing on earth (or even close). But I’d like it to not be tampered with if possible.
From my understanding, storing user information in a cookie can be bad because the user can just alter the cookie and be logged in as someone else.
I was thinking; is it reasonably safe to do something like this?:
- When the user logs in, store an MD5’d version of their email address (used to log in). This way at least it’s extremely unlikely that they will be able to modify the information to reflect another user in the database.
- Because someone could just MD5 an email address that they know someone else uses for the site and change their cookie to reflect that, should I maybe store their MD5’d password alongside it and then use these to attempt a login at every page? Only thing is that this seems like it would be slow/non-strategic because it’s needing to basically re-login with the information in the cookie every page.
This approach probably seems really strange, but would it work fine? The main requirement I have is that if the user is logged into my site, playing my flash games anywhere on the internet will automatically pick up that they’re logged in and work with their information.
Use PHP sessions.
PHP stores the session id in a cookie on the browser, and everything else in the session is stored on the server. Your flash script should be able to get the session id from that cookie, and maybe you can write a php file that will return the information that the flash file needs when the flash file passes in the session id?
Because session ids are more or less random, it is difficult for the user to change their session cookie and accidentally access the login of another user.
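A concrete version of what this answer describes, added here as an example (it is not code from the answerer or the question's site): a login script that stores only a user id in the server-side session, and a small endpoint the Flash game can call to find out who is logged in. It assumes a PDO connection in `$pdo`, a `users` table with `id`, `email` and `password_hash` (created with `password_hash()`), and PHP 7.3 or later for the array form of `session_set_cookie_params()`; all of those are assumptions made for the example.

```php
<?php
// ---------- login.php ----------
// Added example, not from the original post. Assumes $pdo (PDO) and a
// users(id, email, password_hash) table; password_hash is password_hash() output.
declare(strict_types=1);

session_set_cookie_params([
    'lifetime' => 0,       // expires with the browser session
    'path'     => '/',
    'secure'   => true,    // only sent over HTTPS
    'httponly' => true,    // not readable by scripts in the page
]);
session_start();

$email    = (string)($_POST['email'] ?? '');
$password = (string)($_POST['password'] ?? '');

// Prepared statement: the e-mail never gets concatenated into SQL.
$stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE email = ?');
$stmt->execute([$email]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// password_verify() checks against the stored hash; no MD5 anywhere.
if ($row === false || !password_verify($password, $row['password_hash'])) {
    http_response_code(401);
    exit('bad credentials');
}

// New session id after authentication, so an id handed to the browser
// before login (session fixation) never becomes a logged-in session.
session_regenerate_id(true);

// Only the user id goes in the session, and it lives on the server.
$_SESSION['user_id'] = (int)$row['id'];
echo 'ok';

// ---------- user_info.php ----------
// The endpoint the Flash game calls. When the SWF is embedded in a page
// the browser attaches the PHPSESSID cookie to the request, so the game
// does not need to read or send the session id itself.
session_start();
header('Content-Type: application/json');

if (!isset($_SESSION['user_id'])) {
    echo json_encode(['logged_in' => false]);
    exit;
}

$stmt = $pdo->prepare('SELECT id, email FROM users WHERE id = ?');
$stmt->execute([$_SESSION['user_id']]);
echo json_encode([
    'logged_in' => true,
    'user'      => $stmt->fetch(PDO::FETCH_ASSOC),
]);
```

Nothing in the cookie identifies the user; it only holds the random session id, and the mapping from that id to a `user_id` exists only on the server. If the game really must pass the id explicitly, as the answer suggests, `session_id($id)` before `session_start()` will attach to that session, but putting the id in a request parameter means it can end up in server logs and referrers, so letting the cookie travel with the request is the safer default.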