You just store a long random string -to make it next to impossible to guess- as cookie in the browser. Think of it as a secret.
On the server side you store the username, and any other data you need in a database (can be the session, can be in a database, it's your choice). As long as you get the "secret" you're good to go: you can log them in if they are not, or keep working if they are logged in.
If you log them out and know they should not be auto-logged in you ignore the setting and send them to the login page.
Don't forget to refresh the cookie every so often (they do expire eventually).
If you store somethig like a username in the browser, an attacker can change the username ...