Basically, what I want is to use an alternative to the login cookies, as they technically can be guessed (there are ways to counter this, but why not eliminate the threat completely?).
What I'm thinking of is a system with a big "do not use on public computers" warning that would allow users to auto-login not with a cookie, but by following a URL such as /login/email@example.com/myPassword.
What I want to ask is, should I bother creating such a system or would it make even more security flaws? On one hand, the cookie-based one can simply request the password again if, for example, the IP or user agent don't match; on the other, I can save quite a lot of DB space by not having to store cookie names.
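
The cookie-side behaviour the question mentions (a login cookie that is countered against guessing, and a password prompt when the client no longer matches) can be sketched as follows. This is an added example, not code from the original post; the function names and the in-memory `REMEMBERED` dict standing in for the DB table are hypothetical, and it binds to the user agent only.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the DB table of remembered logins (assumption):
# maps SHA-256(token) -> (user, user_agent). The raw token is never stored.
REMEMBERED = {}


def _digest(token):
    """Hash the cookie value so a leaked table does not yield usable cookies."""
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(user, user_agent):
    """Create a login cookie value from 256 bits of CSPRNG output.

    The value carries no e-mail address or password, so guessing it means
    guessing a 256-bit random number.
    """
    token = secrets.token_urlsafe(32)
    REMEMBERED[_digest(token)] = (user, user_agent)
    return token


def check_token(token, user_agent):
    """Return the user name, or None when the password must be asked again."""
    key = _digest(token)
    record = REMEMBERED.get(key)
    if record is None:
        return None  # unknown or guessed value
    user, bound_agent = record
    if not hmac.compare_digest(bound_agent.encode(), user_agent.encode()):
        # Client changed since the cookie was issued: revoke it and
        # fall back to a full password login.
        del REMEMBERED[key]
        return None
    return user


if __name__ == "__main__":
    cookie = issue_token("alice", "ExampleBrowser/1.0")   # constructed values
    print(check_token(cookie, "ExampleBrowser/1.0"))      # same client
    print(check_token(cookie, "OtherBrowser/2.0"))        # mismatch, revoked
```
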