note: requires excluding IP (twitter, facebook example, as far as I know there is not eject when you change IP)
after reading a few articles I could not find a way out.
there are several ways
the user enters the username and password, the password is hashed on the client side, is sent to the server, verifies the data, if everything is OK generated random value is hashed, or even random and session ID and is written to the session.
when you generate a shape generated random value is written to hidden in the database, the user again enters the username and password, the password is hashed, then hashed together with additional value and sent to the server is checked again and there is written the value in the cookie.
now the function remember me on this computer.
here the problems begin, if you do those two methods and to check when opening a user of the site values (to compare the cookie with the base) it is possible to steal the cookie and log in. How to come up with a solution?