What should be stored in a cookie for a login system?

Question

What is the best thing to store in a cookie to keep a persistent logged-in state?

I have seen many websites (and beginner tutorials!) that simply store something lik

Answer 1

2 good articles are:

Persistent Login Cookie Best Practice

Improved Persistent Login Cookie Best Practice

Answer 2

The best practice is to store a randomly generated session id. The session then stores the user id or whatever else you need it to store. In PHP the session_start() method automatically generates the session id and a cookie named PHPSESSID, so you only need to worry about storing data in the $_SESSION array, not in the cookie.

Answer 3

Best practice would be to use a SESSION instead of a COOKIE for use data. COOKIES are used to store generic information not specific information about a user, that's what SESSIONS are used for.

Answer 4

The only thing that should be in a cookie is the sessionid generated by PHP (and this is done automatically when you use sessions). You should not store anything in the cookie except maybe a remembered username for the purpose of a "remember me" checkbox.