What is the correct and safe/secure way to keep a user logged in? cookies? session? PHP && MYSQL

刺人心 2020-12-12 18:29

Later I was asking how to correctly log out a user; now I'm seeing that using only cookies to keep a user logged in is not secure at all.

Keep the password in a cookie

5 answers
  •  伪装坚强ぢ
    2020-12-12 19:14

    As @Madara said, nothing is 100% secure and correct, but from a developer's point of view I would say each and every method of retaining a user's session data has its own advantages and disadvantages, for instance:

    User Data in Cookies vs Session

    If you keep the user's session data in cookies, it will consume less of the server's RAM and processing, because you don't have to keep the logged-in user's info in RAM. Also, if the number of users increases, it's recommended to keep user session data in cookies rather than in the session, because keeping it in the session would consume server resources and your application could sometimes be slower and unresponsive. Whereas if you keep the user's logged-in data in the session, it would be more secure than cookies, but it would consume more server resources.

    On a final note: both ways are correct in their own implementation. Also, if your application is using the HTTPS protocol, then security shouldn't be a concern. So I would suggest using the method of retaining the user's session data according to the application's and business model's requirements.
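
An added example, not part of the original answer: the two approaches compared above, sketched in PHP (7.3+ assumed for the `samesite` option). The function names, the key constant and the sample values are constructed for illustration; the point is that a server-side session keeps user data off the client, while data carried in a cookie has to be signed and expiry-checked before the server trusts it.

```php
<?php
declare(strict_types=1);

// Assumption: a real key is loaded from server-side configuration, not source code.
const COOKIE_KEY = 'constructed-demo-key-replace-me';

// Approach 1: server-side session. The cookie carries only a random session ID.
function loginWithSession(int $userId): void
{
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
    session_regenerate_id(true);     // fresh ID at login, guards against session fixation
    $_SESSION['user_id'] = $userId;  // user data stays on the server
}

// Approach 2: data in the cookie, signed with HMAC so tampering is detectable.
function makeLoginCookie(int $userId, int $ttl, int $now): string
{
    $json = json_encode(['uid' => $userId, 'exp' => $now + $ttl], JSON_THROW_ON_ERROR);
    $payload = base64_encode($json);
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Returns the user ID, or null when the cookie is malformed, forged or expired.
function readLoginCookie(string $cookie, int $now): ?int
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Verify the MAC in constant time before decoding anything the client sent.
    if (!hash_equals(hash_hmac('sha256', $payload, COOKIE_KEY), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['uid'], $data['exp']) || $data['exp'] < $now) {
        return null;
    }
    return (int) $data['uid'];
}

// Constructed sample values: an untouched cookie, a swapped payload, a late read.
$now    = 1700000000;
$cookie = makeLoginCookie(42, 3600, $now);
$forged = base64_encode('{"uid":1,"exp":9999999999}') . '.' . explode('.', $cookie)[1];
var_dump(readLoginCookie($cookie, $now), readLoginCookie($forged, $now), readLoginCookie($cookie, $now + 7200));
```

Neither approach involves putting the password in a cookie; the cookie holds either a session ID or a signed, expiring user identifier.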
