Stay Logged In Best Practices: How does a username in the cookie make it more secure?

暗喜 2021-02-08 11:25

This is a branch of another question: What is the best way to implement "remember me" for a website?

The top answer is to implement this: http://jaspan.com/imp

2 answers
  •  深忆病人
    2021-02-08 11:56

    The username and number are looked up as a pair on the server before issuing a new session cookie. Without the username it would be less secure (could replay using a different user if you stole the number) and harder to look up.
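
The pair lookup described in the answer above, as an added Python example that is not part of the original thread. The class name, the `username:token` cookie layout, the in-memory store, the server-side hashing and the single-use rotation are assumptions of this example.

```python
import hashlib
import hmac
import secrets


class RememberMeStore:
    """In-memory stand-in (assumption) for the server-side table of pairs."""

    def __init__(self):
        self._rows = {}  # username -> set of SHA-256 hex digests of tokens

    @staticmethod
    def _digest(token):
        # Store only a digest so a leaked table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        token = secrets.token_urlsafe(32)  # the random "number"
        self._rows.setdefault(username, set()).add(self._digest(token))
        return f"{username}:{token}"

    def redeem(self, cookie):
        """Return (username, rotated_cookie) if the pair matches, else None."""
        username, sep, token = cookie.rpartition(":")
        if not sep or not username:
            return None
        presented = self._digest(token)
        stored = self._rows.get(username, set())
        # The number is only compared against rows owned by this username.
        match = next((d for d in stored if hmac.compare_digest(d, presented)), None)
        if match is None:
            return None
        stored.discard(match)  # single use: the old number stops working
        return username, self.issue(username)


def demo():
    store = RememberMeStore()
    alice_cookie = store.issue("alice")  # constructed sample users
    store.issue("bob")
    number = alice_cookie.rpartition(":")[2]
    results = {"other_user": store.redeem(f"bob:{number}"),
               "unknown_user": store.redeem(f"mallory:{number}")}
    user, rotated = store.redeem(alice_cookie)
    results["valid_pair"] = user
    results["old_cookie_again"] = store.redeem(alice_cookie)
    results["rotated_cookie"] = store.redeem(rotated)[0]
    return results


if __name__ == "__main__":
    print(demo())
```
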
