I know there is Zend_Auth_Storage_Interface to keep your session saved but that means I should not use cookies anymore?

(and there is also Zend_Http_Cookie) (oh and Zend_Controller_Request_Http)
I remember a friend saying that the session lasts a lifetime, but you see right now i'm a bit confused.

By default, sessions do not last a lifetime, but die when the user closes their browser. There is a time limit (usually about 20 minutes or so), so that if there are no new requests (user browses to another page, etc) the session will just time out.

Sessions will set a cookie, but only to keep track of the user and the session... there is a session file on the server that cooresponds to this cookie, and this is how their session is recognized by php on the next request.

You can override this in PHP.ini, including not using cookies (which will pass the session identifier as a query string variable)... but this is not recommended for security.

If you can avoid setting your own cookies, and store info in the session, then I recommend doing so. However, if you need information to last longer than the session, then cookies are a decent choice, but just use them sparingly.

And don't worry about using Zend_Http_Cookie and Zend_Controller_Request_Http or anything... Just call setcookie() as normal.

Well, I think it would be sort of impossible for a custom CMS, then again I'll read more about sessions (not technically used to them in any way) should be a good practice.

Thanks !

What are you looking to store in the cookie?

Right now, just a normal cookie to write in the user and pass and a session id *to tell the location where the user's in right now* to store for at least a year (expiration)