So this may be a bit of a stupid question but I'm not sure I'm understanding this completely. Currently, my site uses sessions to store username and a UserID across the site; however, the session lacks the ability to remember a user should they close the browser. I want to build an option that would allow a user, on login, to click "remember me" that will save there information for a specified period of time.

My question is, how would this work? So when the login page is processed, if a user checks the box I will do a setcookie command to create the cookie. Do I also create a session? Now, when the user returns, how do I check the cookie and more importantly, how do I ensure that information is secure? (I currently use SSL for the login and to set the session)

Thanks for the guidance!

Well, to make sure the information is secure, I recommend setting the secure flag to true during the setcookie call. The secure makes it so that the information in the cookie can only be sent if there is an SSL connection present.

Hope this helps.