How to create a remember me cookie for login form? After seccessful login should i set both plain password and username in cookie and when accessing login form it checks whether cookie is set, it auto-fills in login form with cookie data? And cookie should be set for one year expiry until user uncheck it on next login?
Never put password in cookie, you dont need to set all that in cookie, just set it like
<?php
$expire=time()+60*60*24*30; // month (60 sec * 60 min * 24 hours * 30 days).
setcookie("user", "Alex", $expire);
?>
and check for valid cookie when user is back
<?php
if (isset($_COOKIE["user"]))
echo "Welcome " . $_COOKIE["user"] . "!<br>";
else
echo "Welcome guest!<br>";
?>
Syntax :
setcookie(name, value, expire, path, domain);
The above is not a good idea either because I could edit my cookies to login as Admin.
A better approach would be to generate a token value each time the user logs in and store that in a cookie and another cookie for the username/id and then check they both match in the database.
But on topic: just set the cookie to last longer for a remember me function.