Possible Duplicate:
PHP Storing Current Session IDs in Database using Cookies
I want to have login persistence for my users with COOKIES. But, the more I read and learn the more I realize that they can be tampered with. Thus, making them not the safest method to go. I am only storing the user’s id as to remember them across multiple pages while they are logged in. Of course, I know that SESSIONS are the best way to go, but only as far as security is concerned. Right? They aren’t good for persistence like COOKIES are, and that is what I am going for. So that users don’t have to re-login every time they close and reopen their browser. What can I do?
While this has been answered in the comments, let me stress a main point: Login persistence means nothing else, than moving user login (or a big part thereof) from the responsibility and control of your app to the responisbility of a browser,which you don’t control runninf on an OS you don’t conrol on a device you don’t control.
This need not be so horrible as it sounds, e.g. an internal-facing webapp with all logins coming from a supervised OS in a security construct such as a domain might be perfectly acceptable.
OTOH, depending on the kind and value of the data your app handles, this might definitly NOT be acceptable: Users logging on from some kind of public internet terminal to update their healthcare data with logon persistence might land you in jail in some jurisdictions. So let me suggest, that before looking at the how of login persistence, you revisit the if and the context.