sampras's Profile
Reputation: 0
Apprentice
- Group: New Members
- Active Posts: 2 (0 per day)
- Joined: 19-February 12
- Profile Views: 212
- Last Active: Jun 05 2012 09:44 PM
- Currently: Offline
Previous Fields
- Dream Kudos: 0
Posts I've Made
In Topic: User Authentication Class
Posted 5 Jun 2012
Well, the problem with a session is that it is destroyed when users close their browser.
In the case of sites like Facebook, I have noticed that even if you close your browser,
you can still go back to your account without logging in.
This shows Facebook is using cookies.
I would like to learn how to securely implement cookies in my login system.
My own guess is to:
1) create a random string when the user logs in and store it in a table.
2) add the user agent to the random string.
3) hash the coupled string and store it in a cookie.
4) store the user_id and hashed string separately in the login table.
Then:
5) every time the user goes to a new page, compare the browser cookie hash string with the database table to see if there is a match.
6) get the random string from the table, add it to the client's HTTP agent, and check to see if it is the same as the string in the cookie.
7) if everything matches, allow the user into the new page.
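The seven steps proposed in the post above, written out as an added example; it is not code from the post or from the article being discussed. Python, the in-memory SQLite table, SHA-256, and all table and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3


def open_store():
    # Hypothetical "login" table from step 4: user_id, random string, cookie hash.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE login (user_id INTEGER, random TEXT, cookie_hash TEXT PRIMARY KEY)"
    )
    return db


def cookie_hash(random_string, user_agent):
    # Steps 2-3: couple the random string with the user agent, then hash.
    return hashlib.sha256((random_string + user_agent).encode("utf-8")).hexdigest()


def issue_cookie(db, user_id, user_agent):
    random_string = secrets.token_hex(32)  # step 1: random string from a CSPRNG
    value = cookie_hash(random_string, user_agent)
    db.execute("INSERT INTO login VALUES (?, ?, ?)", (user_id, random_string, value))
    return value  # value to place in the cookie


def check_cookie(db, cookie_value, user_agent):
    # Step 5: find the cookie hash in the table.
    row = db.execute(
        "SELECT user_id, random FROM login WHERE cookie_hash = ?", (cookie_value,)
    ).fetchone()
    if row is None:
        return None
    user_id, random_string = row
    # Step 6: recompute from the stored random string and the current user agent.
    expected = cookie_hash(random_string, user_agent)
    if not hmac.compare_digest(expected.encode(), cookie_value.encode()):
        return None
    return user_id  # step 7: everything matched


def revoke(db, user_id):
    # Logout: delete the rows so old cookie values stop matching.
    db.execute("DELETE FROM login WHERE user_id = ?", (user_id,))


if __name__ == "__main__":
    store = open_store()
    cookie = issue_cookie(store, 7, "ExampleBrowser/1.0")  # constructed values
    print(check_cookie(store, cookie, "ExampleBrowser/1.0"))
```

The user agent is supplied by the client, so the unguessability of the cookie value rests on the random string alone. The cookie itself should be set with the `Secure` and `HttpOnly` attributes.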
In Topic: User Authentication Class
Posted 28 Apr 2012
Hi, thanks for the great article. Is there a reason why you have avoided using cookies?
My Information
- Member Title: New D.I.C Head
- Age: Age Unknown
- Birthday: Birthday Unknown
- Gender:
Contact Information
- E-mail: Private