When the user log's in, you should create a session variable (it's very inefficient and insecure as others mentioned to save a lot of session information in a cookie). Of course, sessions will expire if they close the browser window, so what you could do is something like this:
PHP:
<?php
//include files
session_start();
if(isset($_SESSION['userName'])) {
// We're good to go, do nothing
} else {
if(isset($_COOKIE['UN']) { // if we find the cookie on their machine
if (md5($yourUserNameVarialbe) == $_COOKIE['UN']) { // compare the md5 of the current entered username and the md5 of the cookie
$_SESSION['userName'] = $yourUserNameVariable;
} else {
$_SESSION['userName'] = "yourUserNameVariable";
// set a cookie with encrypted data that expires in 1 day
setcookie("UN", md5($_SESSION['userName'], time()+86400);
} // end if/else
} // end if/else
} // end if/else
?>
This isn't a complete code listing, but I just wrote it so you get the idea of the logic involved. You can add any bells and whistles to it that you want.
Just as a side note, one little GOTCHA is to make sure that you print nothing to the screen before you call setcookie, otherwise it will fail (because the response has already been sent by the server, which is the time when cookies are sent).
I know the code isn't perfect, but my goal wasn't to write a whole session and cookie management script. There are other factors to consider, such as:
1.) When you md5, there is no "reverse" md5. You can only go to md5 and compare, not from and compare. You might want to consider storing the username in plain text and use the unique php session id all within the cookie.
2.) What is a safe amount of time to save the cookie?
3.) Would it be a better idea to manage saved sessions via IP Address of the client's computer and save that in a database.
Just some things to consider, hope this helps.
