This is a multi-part question, so feel free to give input on any one of the parts, but since I can only accept one answer, I will accept the most complete answer in relation to all that is being asked. I will upvote partial answers if they are relevant and useful.
First, a little background, without going TL;DR on the question: I am using Quake Framework (yes, it’s mine) for this project – to quickly describe it, it uses CodeIgniter and jQuery 1.8.0 mainly (among others, but they are irrelevant for the question.) It also includes the Total Storage jQuery plugin (for local storage) and jQuery Cookies as a fallback for browsers that don’t support local storage.
Part 1:
I have built a user authentication system. The login has a “remember me” feature (which is not yet functional) – what is the best way to store the user’s data? Some thoughts:
- Store the username and sha1’d password in local storage/cookie. This seems to me to be a possibly insecure option, but I’m unsure.
- Store some kind of hash (maybe PHP’s com_create_guid()?) in the localstorage/cookie as well as in the database (maybe along with a date for expiry?)
Part 2:
After implementation of the “remember me” feature, what is the best way to finish implementing it? Should I have every page check for the cookie (because the user could initially hit any page and would need to be re-logged?) While each page of course needs to check the session, and once they are re-logged by the cookie/local storage, they will get a regular session, it seems very redundant to check for both a session and a cookie on each page (we’d of course first check for a session so that we don’t check cookies of logged-in users repeatedly, and then check for the cookie if there’s no session, but still.) Is there a better way?
Part 1
It would be best to generate a random token (the hash you mentioned) on the server, and save it both in the DB and the cookie. Making it random will prevent others from “guessing” or generating your token. Using a GUID would be your best option.
Part 2
In each page, you can check if a session exists. If no session is available, check for your auth cookie. If an auth cookie is available, trigger your auth-check code. That way, you only need to check the auth cookie when the user is not logged in already.
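The token scheme from the answer (a random server-generated token saved in both the DB and the cookie, with an expiry) together with the Part 2 check order, as an added example that is not from the question or the answer above. It is written in Python rather than CodeIgniter PHP so the logic can be run as-is; the dict `store` standing in for the DB table, the integer unix timestamps, and the split of the cookie into a lookup selector plus a hashed validator (which goes one step beyond the answer, so a leaked table does not yield working cookies) are my assumptions.

```python
import hashlib
import hmac
import secrets

TOKEN_LIFETIME = 30 * 24 * 3600  # seconds; assumed 30-day expiry


def issue_remember_token(store, user_id, now):
    """Create a remember-me token for user_id at time `now` (unix seconds).

    The cookie value is "selector:validator". Only the selector and a
    hash of the validator are kept server-side, so a leaked table does
    not yield working cookies. `store` is a dict standing in for the DB.
    """
    selector = secrets.token_hex(8)        # random row lookup key
    validator = secrets.token_urlsafe(32)  # random secret, never stored in clear
    store[selector] = {
        "user_id": user_id,
        "validator_hash": hashlib.sha256(validator.encode()).hexdigest(),
        "expires": now + TOKEN_LIFETIME,
    }
    return f"{selector}:{validator}"


def check_remember_token(store, cookie_value, now):
    """Return the user_id if the cookie is valid and unexpired, else None."""
    if not cookie_value or ":" not in cookie_value:
        return None
    selector, validator = cookie_value.split(":", 1)
    row = store.get(selector)
    if row is None:
        return None
    if now >= row["expires"]:
        del store[selector]        # stale row: drop it
        return None
    presented = hashlib.sha256(validator.encode()).hexdigest()
    if not hmac.compare_digest(presented, row["validator_hash"]):
        del store[selector]        # known selector, wrong secret: revoke it
        return None
    return row["user_id"]


def resolve_user(session, store, cookie_value, now):
    """Part 2 order: trust an existing session first, fall back to the cookie."""
    if session.get("user_id") is not None:
        return session["user_id"]
    user_id = check_remember_token(store, cookie_value, now)
    if user_id is not None:
        session["user_id"] = user_id   # promote to a regular session
    return user_id
```

Set the cookie with the HttpOnly flag (and Secure over HTTPS), and re-issue the token after each successful cookie login so a copied cookie stops working once the real user returns.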