How to implement secure "Remember me"

Question

I am trying to figure out how to implement "Remember me" into an app that I am working on. Currently my implementation looks like this.

1. User Signs in and requests to be remembered
2. Server validates user with email/password
3. If validation is successful, I generate a JSON web token using the user's email and a secret key stored on the server.
4. The token is then sent as a cookie back to the client. But at the same time the token is hashed using bcrypt and store in the user's information in the database.
5. Now, when the user visits the page later, the cookie is sent to the server when the page is loaded and validated against the stored hash in the database.

To me this "seems" secure because the token essentially becomes the user's password and treated accordingly on the server side. However, I'm not sure if this is actually secure or if there is something I am missing.

Answer 1

Instead of cookies you can use HTML5 Web Storage API. It is much more secure and is supported by all the modern browsers(IE8+).

LocalStorage is a nice interface around Web Storage API. It is a form of client persistent storage without any expiry(until the user clears it) or the developer does it from JavaScript.

You can further study this answer difference between Cookie and LocalStorage.