Setting cookie that is valid for a long term is not secure. I prefer to use
“session cookie” for login session management. Session cookie is cookie that
does not have expiration time. Session cookie is stored in memory in most of
browsers and deleted when user closes browser.
Here is tip to implement auto login feature with secure manner.