I've currently got my user registration and login set up with sessions (including the session cookie).
I want the user to be able to come back in a few months time and still be 'logged in'. I have set the life of the session cookie to a long time in order to do this.
But will this cause problems? If a session is kept 'open' for ages will it not build up on the server and cause performance issues? Also is there an issue if garbage removal deletes the session info from the server, but the user comes back later with the session ID in the cookie?
Would it be better to use sessions for whilst users are on the site (so non-cookie users can still use it) and set a separate independent cookie with a long lifetime storing the username and check for that when the user visits after having been away for a while?
