Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]

Posted by Phil on Programmers
Published on 2013-10-29T13:21:46Z Indexed on 2013/10/29 16:11 UTC

I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows:

I would like to learn more about:

  1. User registration
  2. User log-ins
  3. User log-outs
  4. User auto-logins

I have successfully handled items 1 and 3 due to their simple nature.

However, I am confused with item 2 (log-ins) and item 4 (auto-logins).

When a user enters a username and password, and after hashing with salts and matching it in the DB:

  • What information should I store in the cookies in order to keep the user logged in during the session?
  • Do I keep username+password but encrypt them? Both or just password?
  • Do I keep username and a generated key matching their password?
  • If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies?

I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is.

I would also like to point out that I do not mind reading anything you might offer on the topic that explains the hows and whys. Possibly with algorithm diagrams to show the process.

Some information:

I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be able to handle a user, and whatever needs to be kept on the server to be done with Postgres/MySQL via SQLAlchemy (I think this is called stateless?). Thank you.
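An added example, not part of the original post: one common way to meet the constraints described in the question is to put only a random, opaque session token in the cookie and keep a hash of it in the shared database, so any app server can validate it. It assumes the standard-library `sqlite3` in place of Postgres/MySQL via SQLAlchemy; the `sessions` table, the cookie name `sid`, the lifetimes and all function names are hypothetical.

```python
import hashlib, secrets, sqlite3, time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60           # assumed lifetime of a normal login, in seconds
REMEMBER_TTL = 30 * 24 * 3600   # assumed lifetime of an auto-login

def init_db(conn):
    conn.execute("CREATE TABLE IF NOT EXISTS sessions (token_hash TEXT PRIMARY KEY,"
                 " user_id INTEGER NOT NULL, expires_at REAL NOT NULL)")

def _digest(token):
    # Only the hash is stored, so a leaked sessions table yields no usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()

def _sid(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar["sid"].value if "sid" in jar else None

def create_session(conn, user_id, remember=False, now=None):
    """Call only after the password check succeeded. Returns (token, Set-Cookie value)."""
    now = time.time() if now is None else now
    ttl = REMEMBER_TTL if remember else SESSION_TTL
    token = secrets.token_urlsafe(32)   # random and opaque: no username, no password
    conn.execute("INSERT INTO sessions VALUES (?, ?, ?)", (_digest(token), user_id, now + ttl))
    jar = SimpleCookie()
    jar["sid"] = token
    jar["sid"].update({"path": "/", "httponly": True, "secure": True, "samesite": "Lax"})
    if remember:
        jar["sid"]["max-age"] = ttl     # persistent cookie; otherwise a browser-session cookie
    return token, jar["sid"].OutputString()

def user_for_cookie(conn, cookie_header, now=None):
    """Map a request's Cookie header to a user id, or None if absent, unknown or expired."""
    now = time.time() if now is None else now
    token = _sid(cookie_header)
    if token is None:
        return None
    row = conn.execute("SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > ?",
                       (_digest(token), now)).fetchone()
    return row[0] if row else None

def logout(conn, cookie_header):
    """Delete the server-side row so the cookie is useless even if it was copied."""
    token = _sid(cookie_header)
    if token is not None:
        conn.execute("DELETE FROM sessions WHERE token_hash = ?", (_digest(token),))
```

The only difference between a normal login and an auto-login here is the expiry stored in the row and the `Max-Age` attribute on the cookie; the password never leaves the login handler.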
