There is no need for two cookies. You can make a new db table with login data. With a random key field, and a user_id field. If you read the random key from the cookie, you can match the user_id.