Secure login system

[detest]

Right now I'm just using sessions. No hashing or anything. When a user logs in, the username is stored in a session and used for reference on dynamic pages. What are the dangers of this? How can I improve it?

 

Also, I would like to securely allow users to stay logged in. So, cookies will have to be used. How can I securely use cookies? I've found examples online that involved hashing the username with a "secret string", but this seems dumb to me.

 

 

I'm a real newb at security, so I'll probably ask more questions. Thanks in advance.