you need to save a cookie on the client side, encrypted ofcourse. now with HTML5 i will recommend you to use Local Storage i use this jstorage plugin

您需要在客户端保存一个 cookie，当然是加密的。现在使用 HTML5 我会推荐你​​使用本地存储我使用这个jstorage 插件

The "save password" part comes from the browser's password manager whenever it sees an <input type="password">that looks like it really is asking for a password. You can use the autocomplete attribute to suppress this in most browsers:

“保存密码”部分来自浏览器的密码管理器，每当它看到一个<input type="password">看起来确实是在要求输入密码时。您可以使用 autocomplete 属性在大多数浏览器中抑制这种情况：

<input type="password" name="password" autocomplete="off">

This won't validate but that usually doesn't matter.

这不会验证，但这通常无关紧要。

The "remember me" part is completely separate from the browser's password manager. The "remember me" flag is the server's business and all it does is fiddle with the expiry date on the cookie that it sends back. The server will always send a cookie back (unless they're not using cookies for tracking sessions but that's rare and wouldn't need a "remember me" anyway) with something inside it to identify the client user.

“记住我”部分与浏览器的密码管理器完全分开。“记住我”标志是服务器的业务，它所做的只是修改它发回的 cookie 上的到期日期。服务器将始终发回一个 cookie（除非他们不使用 cookie 来跟踪会话，但这种情况很少见，并且无论如何都不需要“记住我”），其中包含一些内容来识别客户端用户。

If you check "remember me" then you're telling the server that you want a persistent session. To achieve this, the server will include an expiry date with the cookie and that expiry date will be some time in the future. When the date arrives, the browser will expire and delete the cookie; without the cookie, the server won't know who you are anymore and you'll have to login again.

如果您选中“记住我”，那么您就是在告诉服务器您想要一个持久会话。为了实现这一点，服务器将在 cookie 中包含一个到期日期，该到期日期将是将来的某个时间。当日期到达时，浏览器将过期并删除co​​okie；如果没有 cookie，服务器将不再知道您是谁，您将不得不再次登录。

If you don't check "remember me" then you'll get a session cookie. Session cookies don't have expiry dates on them so automatically expire when the browser exits. Session cookies are useful for shared machines.

如果您不选中“记住我”，那么您将获得一个会话 cookie。会话 cookie 没有过期日期，因此在浏览器退出时会自动过期。会话 cookie 对共享机器很有用。

Executive summary:

执行摘要：

• "Save password" is from the browser's password manager.
• "Remember me" is about the login cookie's expiry time.

• “保存密码”来自浏览器的密码管理器。
• “记住我”是关于登录 cookie 的到期时间。

Sorry to be so long winded but there seems to be some confusion and a lack of clarity in the other answers.

抱歉啰嗦了这么久，但其他答案似乎有些混乱和缺乏清晰度。

Question 1:

问题 1：

1. The session id is stored in the cookie. AFAIK, the password, or the hash of it is not stored. A session is created on the server side whenever you log in. If you logged in with "Remember Me" checked, the server passes a cookie with the session id (or encrypted session id, or something that uniquely identifies the user session) and this cookie is saved on the client side.
   When you login for the next time, the server checks whether there is a cookie with the session, if it is there (and the session has not been killed/expired - see point 2 below) then the server identifies you as "Veera" and lets you in the site.

2. Many websites offer an option of "Logout all sessions" (like Gmail: see the bottom of the window). This would invalidate all sessions associated with the user.

1. 会话 ID 存储在 cookie 中。AFAIK、密码或它的哈希值不会被存储。每当您登录时，都会在服务器端创建一个会话。如果您在选中“记住我”的情况下登录，服务器会传递一个带有会话 ID（或加密会话 ID，或唯一标识用户会话的东西）的 cookie，这cookie 保存在客户端。
   当您下次登录时，服务器会检查会话中是否存在 cookie，如果存在（并且会话尚未终止/过期 - 请参阅下面的第 2 点），则服务器会将您标识为“Veera”并且让你进入网站。

2. 许多网站提供了“退出所有会话”的选项（如 Gmail：见窗口底部）。这将使与用户关联的所有会话无效。

Question 2:
The remember password is a feature offered by the browser. The browser sees whether there is a <input type=password>on the page and prompts to save this password for you. Any <input type=password>would trigger this.

问题2：
记住密码是浏览器提供的一项功能。浏览器会看到<input type=password>页面上有没有，提示你保存这个密码。任何<input type=password>都会触发这个。

The difference between the server remembering you and the browser remembering your password is whether your password is saved or not. And combined with the option of "Logging out all sessions" this is a lot better than letting the browser save your password.

服务器记住您和浏览器记住您的密码的区别在于您的密码是否保存。结合“注销所有会话”选项，这比让浏览器保存密码要好得多。

1. You will need a way to know who the user is. Normally this is done by saving a cookie on the users browser. You should only use something that is not easily spoofed and so encryption should be used. You coulduse local storage, so long as you are confident that all browsers that will be used on your site support it.

2. No, there isn't. Having a password field is normally what triggers the bar.

1. 您将需要一种方法来了解用户是谁。通常这是通过在用户浏览器上保存 cookie 来完成的。您应该只使用不容易被欺骗的东西，因此应该使用加密。您可以使用本地存储，只要您确信将在您的站点上使用的所有浏览器都支持它。

2. 不，没有。拥有密码字段通常是触发栏的原因。

1. Yes you need to use cookies
2. This is a browser functionality and there is no way to trigger it

1. 是的，您需要使用 cookie
2. 这是浏览器功能，无法触发

1. The usual way to do it should be a cookie with the encrypted password on client side
2. I'm not entirely sure of what I'm saying, but from an user point of view, seems to me that browser determine if they need to display their internal password-saving dialog based uniquely on the presence of a password input on the page. So, as long as you have a standard password input on your page, the browser will try to add the user/password combination into its database.

1. 通常的做法应该是在客户端使用加密密码的 cookie
2. 我不完全确定我在说什么，但从用户的角度来看，在我看来，浏览器会根据页面上是否存在密码输入来确定他们是否需要显示其内部密码保存对话框. 因此，只要您在页面上输入了标准密码，浏览器就会尝试将用户/密码组合添加到其数据库中。