My web application uses sessions to store information about the user once they’ve logged in, and to maintain that information as they travel from page to page within the app. In this specific application, I’m storing the user_id, first_name and last_name of the person.

I’d like to offer a “Keep Me Logged In” option on log in that will put a cookie on the user’s machine for two weeks, that will restart their session with the same details when they return to the app.

What is the best approach for doing this? I don’t want to store their user_id in the cookie, as it seems like that would make it easy for one user to try and forge the identity of another user.
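A sketch of one common way to meet the requirement above: the cookie carries only a random, single-use token and the user_id stays server-side. This is an added example, not part of the original post. Python, the in-memory `TOKENS` dict (standing in for a database table) and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TWO_WEEKS = 14 * 24 * 3600  # cookie lifetime asked for in the question, in seconds

# Hypothetical stand-in for a database table:
# selector -> (sha256 of validator, user_id, expires_at)
TOKENS = {}


def digest(validator):
    """Only a hash of the validator is stored, so a leaked table cannot be replayed."""
    return hashlib.sha256(validator.encode("utf-8")).hexdigest()


def issue_token(user_id, now=None):
    """Create a remember-me cookie value; the user_id never appears in the cookie."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(12)   # lookup key, not secret on its own
    validator = secrets.token_urlsafe(32)  # the secret half, known only to the browser
    TOKENS[selector] = (digest(validator), user_id, now + TWO_WEEKS)
    return selector + ":" + validator


def redeem_token(cookie_value, now=None):
    """Return (user_id, replacement_cookie) for a valid cookie, otherwise None."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie_value.partition(":")
    record = TOKENS.get(selector)
    if not sep or record is None:
        return None
    stored_digest, user_id, expires_at = record
    # Single use: the record is dropped whether or not the check passes, so a
    # copied cookie cannot be replayed and a wrong guess burns the selector.
    del TOKENS[selector]
    if now >= expires_at:
        return None
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(stored_digest, digest(validator)):
        return None
    # The caller rebuilds the session (user_id, first_name, last_name) from the
    # database and sets the replacement cookie with the Secure and HttpOnly flags.
    return user_id, issue_token(user_id, now)
```
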

12 Answers