Your question is rather like asking How long is a piece of string? If you look around the net you will find lots of different sites implement this in different ways. This very shrine uses two methods... either it abandons the information when you log off or it stores a permanent cookie in your browser. Yahoo Mail (at least the UK version insists that you reenter your password again if you keep a session open for a few hours as a protection for those who wander off leaving their mail open.

Basicly, there is no fixed answer for your question.... at least, there is one but it is likely to be unique to your own site. You need to sit down and work out a few answers:

• Do you want returning visitors to connect without logging in?
• Are there security reasons that insist you auto logout after a certain length of time?
• Are you looking to track users across sessions?
• What would offer the best 'value for money' (I cant think of another way of putting this) for your visitors?
• And more, these are just off the top of my head.