![_masi](https://xoops.org/uploads/avatars/blank.gif)
I don't think it is a good idea to store the actual password in the cookie nor it is to send out a simple hashed version of it. Have a look at sourceforge, they use even a hashed/encrypted login plus a special session_persist cookie.
And of course this feature has to be configurable
![](https://xoops.org/uploads/smil42e7a65fee35d.gif)
A config to turn it on and off and another one to configure the timeout in days.
Anyway I'd love to see this in the official XOOPS.
PS: BTW, I posted an ugly autologin hack myself. It's about an auto-login after an auto-approved registration. Perhaps you could integrate this as well, while you're at it
![](https://xoops.org/uploads/smil3dbd4d6422f04.gif)