I have rewritten I had previously submitted to adjust for comments made. This is my proposal for a login system that can reliably keep a user logged in for an extended period with minimal use of SSl to save on overhead. I have also posted code at http://getitdownonpaper.com/2009/07/15/secure-persistent-login-with-very-little-ssl-part-2/.