Hashes or tokens for “remember me” cookies?

挽巷 2021-02-08 13:24

When it comes to remember me cookies, there are 2 distinct approaches:

Hashes
The remember me cookie stores a string that can iden

3 answers
  •  时光说笑
    2021-02-08 13:52

    Yes, tokens would be more secure if they produce a random string each time.

    On the other hand, the whole point of remember me is that the user doesn't have to log in again, so unless they click log out you're rarely going to need to re-produce a new token unless it expires.

    I guess you should stick with tokens and not sacrifice security for laziness :-p
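
Added example, not part of the original question or answers: one way to implement the random-token approach discussed above, where the server keeps only a hash of the token and issues a new random string on every use. The class name `RememberMeStore`, the `selector:validator` cookie layout, the in-memory table and the 30-day lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime: 30 days, in seconds


class RememberMeStore:
    """In-memory stand-in for a server-side token table (hypothetical)."""

    def __init__(self):
        # selector -> (sha256(validator), user_id, expires_at)
        self._rows = {}

    def issue(self, user_id, now=None):
        """Create a fresh random token and return the cookie value."""
        now = time.time() if now is None else now
        selector = secrets.token_urlsafe(12)   # lookup key, not secret
        validator = secrets.token_urlsafe(32)  # secret part, never stored raw
        digest = hashlib.sha256(validator.encode()).digest()
        self._rows[selector] = (digest, user_id, now + TOKEN_TTL)
        return f"{selector}:{validator}"

    def redeem(self, cookie, now=None):
        """Validate a cookie; return (user_id, new_cookie) or (None, None)."""
        now = time.time() if now is None else now
        selector, sep, validator = cookie.partition(":")
        row = self._rows.get(selector)
        if not sep or row is None:
            return None, None
        digest, user_id, expires_at = row
        # Single use: the row is dropped on success and on failure, so a
        # replayed or tampered cookie can never be tried a second time.
        del self._rows[selector]
        presented = hashlib.sha256(validator.encode()).digest()
        # Constant-time comparison avoids leaking the digest byte by byte.
        if now > expires_at or not hmac.compare_digest(presented, digest):
            return None, None
        # Rotate: the caller sets the new cookie in the response.
        return user_id, self.issue(user_id, now)

    def revoke_user(self, user_id):
        """Log out: drop every remembered token for this user."""
        self._rows = {s: r for s, r in self._rows.items() if r[1] != user_id}
```

Because only the SHA-256 digest is stored, a leaked token table does not yield usable cookies, and rotation on each use limits a stolen cookie to a single redemption.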
