http://qs321.pair.com?node_id=99418


in reply to User authentication

This is a somewhat different scenario than merlin's technique as referenced by mikeB above. I have slightly different needs than his column solves.

What I have done is to send a cookie on initial login that is an MD5 encoding of some information. This gives a random-looking number. I enter that cookie with any related information such as username and browser type into a database. You could use MySQL or whatever. I had to use a commercial Win2K database because it already was part of the project.

When I retrieve the cookie I can then look up the cookie value in the database to see if the user is allowed to access the site or some portion thereof (I can also retrieve any other user information from the db such as browser type). My db allows multiple cookies per user so a user can log in from different locations and have a "profile" associated with each. In addition I store an expiry time in the db because user accounts on the system expire after a while. I set the cookie expiry time to just exceed the account expiry time in the database. That way the cookie is not saved longer than the account is good.
--traveler
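
The scheme described in the post above (an opaque cookie value looked up in a server-side table, several rows per user, expiry enforced by the database), as an added example that is not traveler's code. Assumptions: SQLite stands in for the database, the cookie value is a random token from `secrets` rather than an MD5 digest, only its SHA-256 is stored so a copy of the table does not yield usable cookies, and every table, column and function name is hypothetical.

```python
import hashlib
import secrets
import sqlite3
import time

SCHEMA = """
CREATE TABLE IF NOT EXISTS sessions (
    token_hash TEXT PRIMARY KEY,  -- SHA-256 of the cookie value, never the value itself
    username   TEXT NOT NULL,
    browser    TEXT NOT NULL,     -- per-login "profile" data
    expires_at INTEGER NOT NULL   -- account expiry, epoch seconds
)"""
COOKIE_GRACE = 60  # assumed margin: cookie lifetime just exceeds the account expiry

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def login(db, username, browser, account_expires_at):
    """Create one session row; return (cookie_value, cookie_max_age_seconds)."""
    token = secrets.token_urlsafe(32)  # unpredictable and carries no user data
    db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)",
               (_digest(token), username, browser, int(account_expires_at)))
    db.commit()
    max_age = max(0, int(account_expires_at - time.time())) + COOKIE_GRACE
    return token, max_age

def lookup(db, cookie_value, now=None):
    """Return the session's username and browser, or None if unknown or expired."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT username, browser, expires_at FROM sessions WHERE token_hash = ?",
        (_digest(cookie_value),)).fetchone()
    if row is None or row[2] <= now:
        return None  # the server-side expiry decides, whatever the browser still holds
    return {"username": row[0], "browser": row[1]}

def logout(db, cookie_value):
    db.execute("DELETE FROM sessions WHERE token_hash = ?", (_digest(cookie_value),))
    db.commit()
```

Because the expiry check runs against the table on every request, a cookie that outlives the account by the grace margin is still rejected.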