Cookies can easily be viewed and modified by users, for example by the Chrome extension EditThisCookie
. Therefore, storing passwords in cookies is probably not a good idea.
You could encrypt the cookie using a server key that is somehow affected by the user name. You would have a base key for cookie encryption/decryption and then maybe salt it with the username stored. Crypto operations would obviously have to be performed on the server.
Probably better is storing a session key in the cookie, still encrypted to prevent theft of cookies from allowing the thief to log in. Have the session key include some information about the user-agent and whatever other info the browser supplies, maybe. Of course, you'll have to keep a table of valid session keys on the server.