Remember me login cookie

mdowling

I want to make it so the user doesn't have to login everytime he visits my site.

So, I guess I make a new table that contains the username and a random hash. Then if the user has a cookie for my site then I compare the username in the cookie with the usernames in the login table. If they match I then compare the md5 hash for the user and the md5 hash in the table. If they match then I log the user in....Right?

How do I do this? How do I create a randomly generated hash using md5 and then decode it (or do I even need to if I am just comparing the two)?

How could I make sure the login table doesn't have over a million entries in it that don't work for anybody?

goldlikesnow

Indeed, you have compare the md5 values, but there is no sense for a randomaly hash. For security reasons, I would recommend you make a md5 hash of the user id instead of passing his password through a cookie.