[eluser]mscahill[/eluser]
I poked around online some, and it seems that the most secure method is checking user credentials, and then storing the user_name, a session_id, and a date in the database. The cookies, then, would be an encrypted user_name and session_id. The Auth model would look for the session_id and user_name to exist within that day's sessions. It would be kind of like buying a day pass to Disney. :-)
What do you think?