Beware of custom cookies

Cookies are meant to store user-related data on the browser.

The recommended method of handling user data is not with a Cookie, but with an HttpSession:

If you decide to use a Cookie directly, then care should be exercised that:

Note as well that the Open Web App Security Project says that 'Remember Me' cookies are a security risk.
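The HttpSession recommendation above, shown as an added example that is not code from the original page. It assumes the javax.servlet 3.0+ API running in a servlet container. The servlet name, the attribute key, the cookie name and the cookie attributes chosen here are illustrative assumptions, not the page's own list.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical servlet: user data lives in the HttpSession, not in a custom cookie. */
public class PreferencesServlet extends HttpServlet {
  private static final String THEME_KEY = "prefs.theme";      // assumed attribute name
  private static final String DEVICE_COOKIE = "deviceToken";  // assumed cookie name
  private static final SecureRandom RANDOM = new SecureRandom();

  @Override
  protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
    // Server-side storage: the browser only ever holds the container's session id.
    HttpSession session = request.getSession(true);
    String theme = request.getParameter("theme");
    session.setAttribute(THEME_KEY, "dark".equals(theme) ? "dark" : "light"); // allow-list the input

    // If a cookie is set directly, keep its value opaque and restrict where it travels.
    response.addCookie(newDeviceCookie(request.getContextPath()));
    response.setStatus(HttpServletResponse.SC_NO_CONTENT);
  }

  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
    HttpSession session = request.getSession(false); // do not create a session just to read
    Object theme = (session == null) ? null : session.getAttribute(THEME_KEY);
    response.setContentType("text/plain;charset=UTF-8");
    response.getWriter().println(theme == null ? "light" : theme.toString());
  }

  private static Cookie newDeviceCookie(String contextPath) {
    byte[] raw = new byte[16];
    RANDOM.nextBytes(raw); // random token: carries no user data the client could read or edit
    Cookie cookie = new Cookie(DEVICE_COOKIE, Base64.getUrlEncoder().withoutPadding().encodeToString(raw));
    cookie.setHttpOnly(true);  // not readable from page scripts
    cookie.setSecure(true);    // sent over HTTPS only
    cookie.setPath(contextPath.isEmpty() ? "/" : contextPath); // limit to this application
    cookie.setMaxAge(-1);      // discarded when the browser closes, not persisted
    return cookie;
  }
}
```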

See Also:
Manage sessions closely