You can certainly write cookies in the form of a hashed password and verify on each page that the cookie username == dB.login && password == dB.password, but I'm not sure that's right.
That's right. Not safe, but right. Not safe because you can go to the browser and steal the cookies. But that's a different kind of problem. You can set the cookie lifetime = 0 and it will be an emulation of sessions, but without generating clouds of session files.
1. The user enters the username and password, they are correct.
2. Set cookies:
- ID - the ID of the user
- HASH - md5(user_password_hash + salt)
user_password_hash - the hashed password from the database
salt - salt
then each page request will be of the form
SELECT * FROM `user` WHERE `id` = ID_from_cookie
then just compare $_COOKIE['HASH'] === md5($user['user_password_hash'] . $user['salt'])
The advantages of the approach
The "session" is never destroyed (i.e., the user is always logged in) if you don't set the cookie lifetime = 0. For many sites, where critical security is a very beautiful, easy and simple authorization option.
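
An added example, not code from the posts above: the cookie check from the steps, with the HASH value replaced by an HMAC that carries an expiry and is compared in constant time. SERVER_KEY, loadUser(), signedToken(), verifyCookie() and the sample row are assumptions constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret kept outside the database (constructed value).
const SERVER_KEY = 'constructed-demo-key';

// Constructed row standing in for: SELECT * FROM `user` WHERE `id` = ? (bound parameter)
function loadUser(int $id): ?array {
    $users = [7 => ['id' => 7, 'user_password_hash' => 'constructed-hash', 'salt' => 'constructed-salt']];
    return $users[$id] ?? null;
}

// The cookie value from the steps above. It has no expiry of its own and can be
// recomputed by anyone who can read the user table.
function pageToken(array $user): string {
    return md5($user['user_password_hash'] . $user['salt']);
}

// Variant: HMAC-SHA256 over id, expiry and the same per-user material, keyed with
// SERVER_KEY. A password change still invalidates the cookie, as in the original scheme.
function signedToken(array $user, int $expires): string {
    $msg = $user['id'] . '|' . $expires . '|' . $user['user_password_hash'] . $user['salt'];
    return $expires . ':' . hash_hmac('sha256', $msg, SERVER_KEY);
}

function verifyCookie(string $idCookie, string $hashCookie, int $now): ?array {
    if (!ctype_digit($idCookie)) {
        return null; // the ID cookie must be a plain integer before it reaches the query
    }
    $parts = explode(':', $hashCookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // not in "expires:mac" form
    }
    $expires = (int) $parts[0];
    $user = loadUser((int) $idCookie);
    if ($user === null || $expires < $now) {
        return null; // unknown user or expired cookie
    }
    // hash_equals() compares in constant time, unlike ===
    return hash_equals(signedToken($user, $expires), $hashCookie) ? $user : null;
}

$now = 1700000000; // fixed constructed timestamp
$user = loadUser(7);
$cookie = signedToken($user, $now + 3600);
var_dump(verifyCookie('7', $cookie, $now) !== null);          // fresh cookie
var_dump(verifyCookie('7', $cookie, $now + 7200) !== null);   // same cookie after expiry
var_dump(verifyCookie('7', pageToken($user), $now) !== null); // bare md5 value from the steps
var_dump(verifyCookie('7 OR 1=1', $cookie, $now) !== null);   // non-numeric ID cookie
```

When the cookie is sent, the secure and httponly options of setcookie() limit the browser-side theft mentioned in the reply above.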