diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
index b68073af7f..005f426cae 100644
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -1,6 +1,8 @@
 <?php
 
 @ini_set("session.gc_maxlifetime","0");
+@ini_set('session.use_only_cookies', 1);
+@ini_set('session.cookie_httponly', 1);
 require('includes/PasswordHash.php');
 
 session_start();
@@ -21,28 +23,28 @@ if (!is_writable($config['temp_dir']))
   echo("<div class='errorbox'>Temp Directory is not writable ({$config['tmp_dir']}).  Graphing may fail.</div>");
 }
 
+// Clear up any old sessions
+dbDelete('session', "`session_expiry` <  ?", array(time()));
+
 if ($vars['page'] == "logout" && $_SESSION['authenticated'])
 {
   dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Logged Out'), 'authlog');
+  dbDelete('session', "`session_username` =  ? AND session_value = ?", array($_SESSION['username'],$_COOKIE['sess_id']));
   unset($_SESSION);
+  unset($_COOKIE);
+  setcookie ("sess_id", "", time() - 60*60*24*$config['auth_remember'], "/");
+  setcookie ("token", "", time() - 60*60*24*$config['auth_remember'], "/");
+  setcookie ("auth", "", time() - 60*60*24*$config['auth_remember'], "/");
   session_destroy();
-  setcookie ("username", "", time() - 60*60*24*100, "/");
-  setcookie ("password", "", time() - 60*60*24*100, "/");
   $auth_message = "Logged Out";
   header('Location: /');
   exit;
 }
 
-if (isset($_GET['username']) && isset($_GET['password']))
-{
-  $_SESSION['username'] = mres($_GET['username']);
-  $_SESSION['password'] = $_GET['password'];
-} elseif (isset($_POST['username']) && isset($_POST['password'])) {
+// We are only interested in login details passed via POST.
+if (isset($_POST['username']) && isset($_POST['password'])) {
   $_SESSION['username'] = mres($_POST['username']);
   $_SESSION['password'] = $_POST['password'];
-} elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
-  $_SESSION['username'] = mres($_COOKIE['username']);
-  $_SESSION['password'] = $_COOKIE['password'];
 }
 
 if (!isset($config['auth_mechanism']))
@@ -62,10 +64,12 @@ else
 
 $auth_success = 0;
 
-if (isset($_SESSION['username']))
+if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token'])))
 {
-  if (authenticate($_SESSION['username'],$_SESSION['password']))
+  if ((authenticate($_SESSION['username'],$_SESSION['password'])) || (reauthenticate($_COOKIE['sess_id'],$_COOKIE['token'])))
   {
+    // Regenerate session id for additional security.
+    session_regenerate_id();
     $_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
     $_SESSION['user_id'] = get_userid($_SESSION['username']);
     if (!$_SESSION['authenticated'])
@@ -76,8 +80,28 @@ if (isset($_SESSION['username']))
     }
     if (isset($_POST['remember']))
     {
-      setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
-      setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
+      $sess_id = session_id();
+      $hasher = new PasswordHash(8, FALSE);
+      $token = strgen();
+      $auth = strgen();
+      $hasher = new PasswordHash(8, FALSE);
+      $token_id = $_SESSION['username'].'|'.$hasher->HashPassword($_SESSION['username'].$token);
+      // If we have been asked to remember the user then set the relevant cookies and create a session in the DB.
+      setcookie("sess_id", $sess_id, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
+      setcookie("token", $token_id, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
+      setcookie("auth", $auth, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
+      dbInsert(array('session_username' => $_SESSION['username'], 'session_value' => $sess_id, 'session_token' => $token, 'session_auth' => $auth, 'session_expiry' => time()+60*60*24*$config['auth_remember']), 'session');
+      //setcookie("username", $_SESSION['username'], time()+60*60*24*100, "/");
+      //setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
+    }
+    if (isset($_COOKIE['sess_id'],$_COOKIE['token'],$_COOKIE['auth']))
+    {
+      // If we have the remember me cookies set then update session expiry times to keep us logged in.
+      $sess_id = session_id();
+      dbUpdate(array('session_value' => $sess_id, 'session_expiry' => time()+60*60*24*$config['auth_remember']), 'session', 'session_auth=?', array($_COOKIE['auth']));
+      setcookie("sess_id", $sess_id, time()+60*60*24*$config['auth_remember'], "/", null, null, true);
+      setcookie("token", $_COOKIE['token'], time()+60*60*24*$config['auth_remember'], "/", null, null, true);
+      setcookie("auth", $_COOKIE['auth'], time()+60*60*24*$config['auth_remember'], "/", null, null, true);
     }
     $permissions = permissions_cache($_SESSION['user_id']);
   }
diff --git a/html/includes/authentication/http-auth.inc.php b/html/includes/authentication/http-auth.inc.php
index e34a0dde23..9b0f511072 100644
--- a/html/includes/authentication/http-auth.inc.php
+++ b/html/includes/authentication/http-auth.inc.php
@@ -27,6 +27,11 @@ function authenticate($username,$password)
   return 0;
 }
 
+function reauthenticate($sess_id = "",$token = "")
+{
+  return 0;
+}
+
 function passwordscanchange($username = "")
 {
   return 0;
diff --git a/html/includes/authentication/ldap.inc.php b/html/includes/authentication/ldap.inc.php
index 1d4e7cc20d..d640097d70 100644
--- a/html/includes/authentication/ldap.inc.php
+++ b/html/includes/authentication/ldap.inc.php
@@ -49,6 +49,11 @@ function authenticate($username,$password)
   return 0;
 }
 
+function reauthenticate($sess_id,$token)
+{
+  return 0;
+}
+
 function passwordscanchange($username = "")
 {
   return 0;
diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php
index a639af54d1..91cc8f1897 100644
--- a/html/includes/authentication/mysql.inc.php
+++ b/html/includes/authentication/mysql.inc.php
@@ -36,6 +36,22 @@ function authenticate($username,$password)
   return 0;
 }
 
+function reauthenticate($sess_id,$token)
+{
+  list($uname,$hash) = explode("|",$token);
+  $session = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'");
+  $hasher = new PasswordHash(8, FALSE);
+  if($hasher->CheckPassword($uname.$session['session_token'],$hash))
+  {
+    $_SESSION['username'] = $uname;
+    return 1;
+  }
+  else
+  {
+    return 0;
+  }
+}
+
 function passwordscanchange($username = "")
 {
   /*
diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php
index e96e505f60..f06b1137d4 100644
--- a/includes/defaults.inc.php
+++ b/includes/defaults.inc.php
@@ -390,6 +390,7 @@ $config['irc_chan'][] = "##" . $config['project_id'];
 $config['allow_unauth_graphs']      = 0;       # Allow graphs to be viewed by anyone
 $config['allow_unauth_graphs_cidr'] = array(); # Allow graphs to be viewed without authorisation from certain IP ranges
 $config['auth_mechanism']           = "mysql"; # Available mechanisms: mysql (default), ldap, http-auth
+$config['auth_remember']            = '30';    # This is how long in days to remember users who select remember me
 
 // LDAP Authentication
 
diff --git a/sql-schema/029.sql b/sql-schema/029.sql
new file mode 100644
index 0000000000..d6e8a57143
--- /dev/null
+++ b/sql-schema/029.sql
@@ -0,0 +1,2 @@
+CREATE TABLE IF NOT EXISTS `session` (  `session_id` int(11) NOT NULL AUTO_INCREMENT,  `session_username` varchar(30) NOT NULL,  `session_value` varchar(60) NOT NULL,  `session_token` varchar(60) NOT NULL,  `session_auth` varchar(16) NOT NULL,  `session_expiry` int(11) NOT NULL,  PRIMARY KEY (`session_id`)) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
+