i don't know how other sites do it and i haven't given this much thought, but you definitely don't want to store any critical user information in a cookie. i'd store some kind of server-generated client token in the cookie. on the server i'd store the client token along with some attributes of the client like IP address, browser being used, last request date/time and a few other things i could find.
when a request is submitted, check for the presence of the cookie, read the client token, retrieve the client attributes from the table and compare them to the current request and, if everything checks out, let them in. if it doesn't redirect them to the login page.
since i've never done anything like this, i'm sure there are some holes in there somewhere. perhaps someone can provide some more insight.
edit: i should have added that i run a web-based secure personal location management system and i would never implement something like this. auto-logging users in, keeping them logged in, storing usernames client side, etc... they're all security compromises waiting to happen.