Make the normal login etc.
Then in the header use session_start
if ($_COOKIE['Login_Cookie']) {
// Read cookie (Make it store userid / password hashed with md5) and query against a database.
If it matches up, start the sessions for quick login, if it doesnt then delete the cookie and send a mail with their ip and what they used to try to access the site to yourself as to take legal action if they were trying to exploit something.
Also the php manual includes VERY detailed information on cookies.