13Kas
Why not use a long life session ID for auto-login instead of a persistent cookie with a token?
On the PHP website it is stated that "Developers must not use long life session IDs for auto-login because it increases the risk of stolen sessions.". Instead it is recommended to use a secure one time hash key as an auto-login k…