by arkokoley 4073 days ago
Whenever a user visits the website, a session cookie is created on the user's system and set to expire after 15 years. Using this cookie data, I identify and authenticate the user.

The user also has a private URL which he can use to log in using other devices. Once logged in from this unidentified device, another cookie is created for the user but with a short time span. The user has the option to set the device as trusted, which will result in the cookie expiry being set to 15 years.

1 comment

OK, got it.

You probably ask for the user's email and send them their secret special link that could be used over and over to restore the cookie, in case they accidentally delete their cookie?

Not yet. Currently the user has to make sure to save that link. There is no recovery if they delete the cookie and have no access to the secret link. This idea originated from NightChamber, which refrains from asking for any kind of user details to maintain anonymity. But that might have to change with my implementation because of the social-network-like features. Emailing the secret link seems good, now that I think about it. Thanks!
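
The scheme described in this thread, sketched server-side as an added example that is not part of the original post or comments and is not the poster's code. The `SessionStore` class, the `sid` cookie name, the 30-minute short lifetime and the in-memory dictionaries are assumptions; only the 15-year trusted lifetime comes from the post.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SHORT_TTL = 30 * 60                  # assumed lifetime for an untrusted device
TRUSTED_TTL = 15 * 365 * 24 * 3600   # the 15-year lifetime from the post

class SessionStore:
    """Hypothetical in-memory store; it keeps only SHA-256 digests of secrets."""
    def __init__(self):
        self._sessions = {}   # digest(cookie token) -> (user_id, expires_at)
        self._links = {}      # digest(private-URL secret) -> user_id

    @staticmethod
    def _digest(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def new_user(self, user_id):
        # 256-bit random secret that goes into the user's private URL.
        secret = secrets.token_urlsafe(32)
        self._links[self._digest(secret)] = user_id
        return secret

    def issue(self, user_id, trusted, now=None):
        now = time.time() if now is None else now
        ttl = TRUSTED_TTL if trusted else SHORT_TTL
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (user_id, now + ttl)
        cookie = SimpleCookie()
        cookie["sid"] = token
        cookie["sid"].update({"max-age": ttl, "path": "/", "secure": True,
                              "httponly": True, "samesite": "Lax"})
        return token, cookie["sid"].OutputString()  # Set-Cookie header value

    def login_with_link(self, secret, now=None):
        # An unknown device presenting the private URL gets a short-lived cookie.
        user_id = self._links.get(self._digest(secret))
        return None if user_id is None else self.issue(user_id, False, now)

    def authenticate(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(self._digest(token))
        return entry[0] if entry and entry[1] > now else None

    def trust_device(self, token, now=None):
        # Rotate on privilege change: revoke the short token, issue a long one.
        user_id = self.authenticate(token, now)
        if user_id is None:
            return None
        del self._sessions[self._digest(token)]
        return self.issue(user_id, True, now)
```

Because the store holds only digests, a leaked session table does not reveal usable cookies or private-URL secrets, and marking a device as trusted replaces the token rather than extending the old one.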