So, if I understand you right, I should make a key using Digest::MD5, store it in a database, then insert this key into a cookie. Then check for its existence in a database? But then someone could edit their cookie and log in as any user?!

I suppose if someone got that key out of the database it'd be bad. Is this about as secure as is typically necessary?

Also it doesn't look like that article has much to do with encryption...