for remembering passwords, sessions or cookies or both?

If a user decides to remember their password based on a checkbox when logging in, is it good practice to set both session and cookies? or would it be better to just do cookies?

I think I understand to do sessions when user logs in and DOES NOT like to remember the password.

Which one is good practice for remembering logging in?

Tha开发者_如何学Pythonnks for your time!

---

Since a session gets killed by default after 20 minutes, what do you think is the best solution for long-time storage?

I hope you're not thinking of actually storing the password in either a cookie or a session, but to store some random ID you also store in your database, which you check on every page view?