Storing login information in Cookies

不思量自难忘° 2021-02-05 22:06

I want to save user's authentication information in browser cookie for persistent login. As they say, it's never safe to store any secret info (such as password) in cookie, but

7 answers
  •  半阙折子戏
    2021-02-05 22:50

    I think there is no other choice

    Think again.

    You don't need to store the password client-side in order to maintain a session. The 'remember me' operation is just the same - use a random value which is a lookup key to data held on your server.

    Short of using client side certificates with pass phrases, anything else you do to complicate things will not improve security, and is more likely to expose your customer's private data.
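
The scheme the answer above describes, as an added example that is not part of the original post: the cookie carries only a random token, and the server maps it to the user. Storing a SHA-256 digest rather than the raw token, rotating the token on each use, the `remember_me` cookie name, the 30-day lifetime and the in-memory dictionary standing in for a database table are assumptions of this example.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

TOKEN_TTL = 30 * 24 * 3600  # assumed 30-day lifetime, in seconds

class RememberMeStore:
    """Server-side table: sha256(token) -> (user_id, expires_at)."""

    def __init__(self):
        self._rows = {}  # stand-in for a database table (assumption)

    @staticmethod
    def _key(token):
        # Only a digest is stored, so a leaked table cannot be replayed as cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._key(token)] = (user_id, now + TOKEN_TTL)
        return token

    def redeem(self, token, now=None):
        """Return (user_id, fresh_token), or None if unknown or expired."""
        now = time.time() if now is None else now
        row = self._rows.pop(self._key(token), None)  # each token works once
        if row is None or row[1] < now:
            return None
        user_id, _ = row
        return user_id, self.issue(user_id, now)

    def revoke_user(self, user_id):
        # Logout everywhere or password change: drop every token for the user.
        self._rows = {k: v for k, v in self._rows.items() if v[0] != user_id}

def set_cookie_header(token):
    """Build the Set-Cookie value; no password or user id ever leaves the server."""
    c = SimpleCookie()
    c["remember_me"] = token
    c["remember_me"]["max-age"] = TOKEN_TTL
    c["remember_me"]["path"] = "/"
    c["remember_me"]["httponly"] = True   # not readable from page scripts
    c["remember_me"]["secure"] = True     # sent over HTTPS only
    c["remember_me"]["samesite"] = "Lax"
    return c["remember_me"].OutputString()
```
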
