Until now, I set a cookie with username and md5(password), for example:
jack:1a1dc91c907325c69271ddf0c944bc72
and then I simply use a normal login($user, $pwd) function.
But I think it's better to store a cookie with the user ID and a secret code, generated for example with md5('secret_word' . $user_id). I set a cookie like:
612:257bdf176a114212c6cf8495c3c8c6da
and then I get the user ID (612), check the secret code with that ID, and then log the user.
There is something different in these two ways about security?
Thank you!