Itqualityassurance
The remember-me feature typically works by generating a unique cookie, associating it with the user in the database, and adding a persistent cookie (i.e. a cookie which is saved on disk by the browser) to the response once the user is logged in.
How do websites remember me?
Typically it's done via a cookie. Upon user login, a cookie is set with a specific (cryptographically secure) code (typically NOT including the user's password or any derivation thereof, but instead a hash that is used to look for the user), which is sent with each request.
Is it safe to use Remember Me?
The “remember me” option is safe to use on computers and devices that you can trust to protect your browser. It doesn't defeat the purpose of 2FA because the convenience it provides is limited to each computer and browser that you choose to use it on.
Does Remember me save your password?
About "Remember me"
For security reasons, your Password is never saved. Important: Because "Remember me" stores your User ID on the computer you are using at the time, do not use this feature on public computers (such as those in a library, hotel or internet café) or if you use a screen reader software application.
