I currently have it that when a user logs in, their username and userid are saved in a cookie. As this isn't the most secure method, I now plan on changing the method:
When the user logs in, a unique token is saved in the cookie. The username, userid, banned boolean and unique token are stored in a session. The token in the cookie has to match the token in the session to be logged in.
I've thought about storing the token in the database? A lot of times in my code I quickly require the username and userid, so storing in a session is the most logical idea to me instead of always querying the database.
Anyway, is my method appropriate? If not, what is a proven method?
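
The scheme described in the question, sketched in Python as an added example that is not part of the original post: the cookies carry only random values, while the username, userid and banned flag stay in the server-side session. The in-memory `SESSIONS` dict, the cookie names `sid` and `auth_token`, and the function names are assumptions made for illustration.

```python
import hmac
import secrets

# In-memory stand-in for server-side session storage (assumption for this sketch).
SESSIONS = {}


def login(username, userid, banned=False):
    """Create a server-side session and return the cookies to send to the browser."""
    sid = secrets.token_urlsafe(32)    # session identifier (hypothetical cookie name "sid")
    token = secrets.token_urlsafe(32)  # the unique login token described in the post
    SESSIONS[sid] = {"username": username, "userid": userid,
                     "banned": banned, "token": token}
    # Only opaque random values leave the server; no username or userid.
    return {"sid": sid, "auth_token": token}


def current_user(cookies):
    """Return (username, userid) for a valid login, otherwise None."""
    session = SESSIONS.get(cookies.get("sid", ""))
    if session is None:
        return None
    supplied = cookies.get("auth_token", "")
    # Constant-time comparison of the cookie token against the session token.
    if not hmac.compare_digest(supplied.encode(), session["token"].encode()):
        return None
    if session["banned"]:
        return None
    # Served from the session, so no database query is needed per request.
    return session["username"], session["userid"]


def logout(cookies):
    """Drop the server-side session so previously issued cookies stop working."""
    SESSIONS.pop(cookies.get("sid", ""), None)


if __name__ == "__main__":
    jar = login("alice", 42)  # constructed sample user
    print(current_user(jar))
    # A client-edited cookie naming a user directly is not accepted.
    print(current_user({"username": "alice", "userid": "42"}))
    logout(jar)
    print(current_user(jar))
```

Because the banned flag is copied into the session at login, a ban applied afterwards only takes effect once that session is refreshed or destroyed.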