What is the correct and safe/secure way to keep a user logged in? cookies? session? PHP && MYSQL

刺人心 2020-12-12 18:29

Later I was asking how to log out a user correctly; now I am seeing that using only cookies to keep a user logged in is not secure at all.

Keep the password in a cookie

5 answers
  •  半阙折子戏
    2020-12-12 19:13

    If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie. The trouble is that a user can block cookies or delete them at any time. If, for example, your website's shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.

    When you store data in cookies, you must be absolutely certain that users can’t tamper with the data in any way. There’s no way to keep users from altering the data in a cookie; it’s absurdly easy. So, in order to ensure that your website doesn’t accept cookies containing altered data, you need to either encrypt the cookie values or sign them with a hash that allows you to verify their integrity.
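
The signing approach described in the answer above, as an added example that is not part of the original thread: the server appends an HMAC to the cookie value and rejects any cookie whose signature does not verify. It assumes the cookie carries a user id and an expiry time; the function names, the cookie name `login` and the key are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed demo key. Assumption: a real key is 32+ random bytes kept in
// server-side configuration and never sent to the browser.
const DEMO_KEY = 'constructed-demo-key-not-for-production';

// Build "uid.expiry.signature"; the HMAC covers both uid and expiry.
function make_login_cookie(int $userId, int $expires, string $key): string
{
    $payload = $userId . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the user id when the signature is valid and the cookie has not
// expired; return null for anything malformed, altered or stale.
function verify_login_cookie(string $cookie, string $key, int $now): ?int
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;
    }
    [$uid, $exp, $sig] = $parts;
    $expected = hash_hmac('sha256', $uid . '.' . $exp, $key);
    if (!hash_equals($expected, $sig)) { // constant-time comparison
        return null;
    }
    return ((int) $exp >= $now) ? (int) $uid : null;
}

$now    = time();
$cookie = make_login_cookie(42, $now + 86400, DEMO_KEY);

// Outside the CLI, send it with flags that keep it off plain HTTP and away
// from page scripts (options array requires PHP 7.3+).
if (PHP_SAPI !== 'cli') {
    setcookie('login', $cookie, [
        'expires' => $now + 86400, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed tampering case: the uid "42" is edited to "1" in the browser.
$tampered = '1' . substr($cookie, 2);

var_dump(verify_login_cookie($cookie, DEMO_KEY, $now));         // untouched cookie
var_dump(verify_login_cookie($tampered, DEMO_KEY, $now));       // altered uid
var_dump(verify_login_cookie($cookie, DEMO_KEY, $now + 90000)); // checked after expiry
```

The signature proves the value was issued by the server but does not hide it, and a signed cookie stays valid until its expiry unless the server also keeps a record that lets it revoke the cookie, for example on logout.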
