I'm going to write a login page, and I've been reading Charlie Miller's article on Remember Me for logins. I've also read the OWASP cheat sheet. I was thinking, instead of a persistent database entry for the random number, could you not just store the random number in the $_SESSION array? Then check the user's cookie; if it matches, regenerate the numbers and set them in both the session and the user's cookie?


Solution

The point is, usually you don't have a valid session for the user when he has to log in again. Sessions don't get stored infinitely.
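To make the answer concrete, here is an added example (not code from the question, the answer, or the cited article) of the approach the question was trying to avoid: a server-side token store that outlives the PHP session. The `$store` array stands in for a database table with the columns `selector`, `user_id`, `validator_hash` and `expires_at`; the 30-day lifetime, the selector/validator split and the function names are assumptions. Only a hash of the secret half is stored, so a leaked table does not yield usable cookies, and a known selector presented with the wrong validator is treated as a stolen cookie and revokes every token for that user.

```php
<?php
// Added example: persistent-login tokens kept in a store that survives
// session expiry. $store stands in for a database table; a real deployment
// would run the same logic through PDO.

declare(strict_types=1);

const REMEMBER_TTL = 30 * 24 * 3600; // assumed cookie lifetime: 30 days

/** Create a remember-me token for $userId and return the cookie value. */
function issueToken(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $store[$selector] = [
        'user_id'        => $userId,
        'validator_hash' => hash('sha256', $validator),
        'expires_at'     => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

/** Revoke every token belonging to $userId (used on suspected theft). */
function revokeAllForUser(array &$store, int $userId): void
{
    foreach ($store as $selector => $row) {
        if ($row['user_id'] === $userId) {
            unset($store[$selector]);
        }
    }
}

/**
 * Validate a cookie and rotate the token. Returns [userId, newCookie] on
 * success, or null when the cookie is malformed, unknown, expired or forged.
 */
function consumeToken(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
        return null;
    }
    [$selector, $validator] = $parts;
    if (!isset($store[$selector])) {
        return null;                         // unknown or already rotated
    }
    $row = $store[$selector];
    // Constant-time comparison of hashes, so timing does not leak the secret.
    if (!hash_equals($row['validator_hash'], hash('sha256', $validator))) {
        revokeAllForUser($store, $row['user_id']); // right selector, wrong secret
        return null;
    }
    unset($store[$selector]);                // single use: always rotate
    if ($row['expires_at'] < $now) {
        return null;                         // expired; the row is gone anyway
    }
    return [$row['user_id'], issueToken($store, $row['user_id'], $now)];
}

// Demo: the browser kept only the cookie; any PHP session is long gone.
$store  = [];
$start  = time();
$cookie = issueToken($store, 42, $start);

$result = consumeToken($store, $cookie, $start + 7 * 24 * 3600); // a week later
echo $result !== null && $result[0] === 42 ? "week later: user 42 logged in\n" : "FAIL\n";
[$userId, $cookie] = $result;

// Replaying the old cookie fails: it was rotated on use.
echo consumeToken($store, $cookie, $start + 7 * 24 * 3600) !== null ? "FAIL\n" : "wrong-secret forgery rejected\n";
// (above: same selector, wrong validator -> all tokens for user 42 revoked)
echo count($store) === 0 ? "store emptied after suspected theft\n" : "FAIL\n";
```

The last two lines deserve a note: the second `consumeToken` call reuses the rotated `$cookie`, whose selector is still in the store but whose validator no longer matches, so the store treats it as a stolen cookie and drops every token for user 42. In a web handler the returned cookie value would be set with `setcookie()` using the `httponly`, `secure` and `samesite` options, and the user's session would be started only after `consumeToken()` succeeds.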

Licensed under: CC-BY-SA with attribution