http://modauthcookie.weebly.com/

Original documentation from: http://raburton.lunarpages.com/apache/mod_auth_cookie/

All this Apache cookie auth module does is collect the cookie, if it exists, and convert it into a Basic Authentication header. Then you use the normal User-ID/Password mechanisms to grant authorization to the directory/page you are protecting.

So, the first step is to get password-based authentication and authorization working. Then add the cookies.

For example, using the standard mod_auth module for authorization, I might have this configuration:

--cut here--
AuthName "Members Only"
AuthType Basic
AuthUserFile /web/config/users.txt
AuthGroupFile /web/config/groups.txt
Require group members
--cut here--

What this does is use Basic Authentication to collect your credentials, then use the users.txt and groups.txt files to check your password and determine whether you are allowed access (in this case, whether you are a member of the 'members' group).

Now, to use the cookie-based module, I added the one directive AuthCookieName to make the .htaccess file look like this:

--cut here--
AuthName "Members Only"
AuthType Basic
AuthUserFile /web/config/users.txt
AuthGroupFile /web/config/groups.txt
Require group members
AuthCookieName Login
--cut here--

What this does is look for a cookie labeled "Login". If it exists, the module converts it into the Authorization header needed by the original authorization module. The rest works as before. If the cookie doesn't exist, the server sends back an "authorization required" message to the web browser, which then prompts for a user ID and password, which are then used as normal.

For this to work in Apache 1.3, mod_auth_cookie must be listed at the end of the modules list (after all other mod_auth_* modules you might want to use with it). The choice of authorization module is not important; you can use the standard file-based authorization or DBM-based authorization modules if you like.
You do not need to ensure any particular module order for Apache 2.

There are also two more configuration directives:

AuthCookieOverride - if the request contains both a cookie and an Authorization header, the cookie will be the one that is used.

AuthCookieBase64 - the cookie contains "username:password" already base64 encoded, as it would be sent in the normal Authorization header. Recommended, as this makes the password (slightly) harder to figure out from the cookie; at the very least it obscures it from people looking over your shoulder.
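
The cookie-to-header conversion and the two extra directives described above, modelled as an added Python example (not code from the module or the original documentation). It assumes that without AuthCookieBase64 the cookie holds plain "username:password", and that without AuthCookieOverride an existing Authorization header is left in place; the function names and sample values are made up for the illustration.

```python
import base64

def cookie_value(cookie_header, name):
    """Return the value of cookie `name` from a Cookie request header, or None."""
    for part in cookie_header.split(";"):
        key, sep, value = part.strip().partition("=")  # first "=" only: keeps Base64 padding
        if sep and key == name:
            return value
    return None

def effective_authorization(headers, cookie_name="Login",
                            cookie_base64=False, cookie_override=False):
    """Authorization header the authorization module ends up seeing.

    None means no credentials at all, i.e. the server answers 401 and the
    browser prompts as usual.
    """
    existing = headers.get("Authorization")
    value = cookie_value(headers.get("Cookie", ""), cookie_name)
    if value is None:
        return existing                    # no cookie: normal Basic auth flow
    if existing is not None and not cookie_override:
        return existing                    # ASSUMPTION: header wins unless AuthCookieOverride
    if cookie_base64:
        token = value                      # AuthCookieBase64: cookie is already the token
    else:
        # ASSUMPTION: plain cookie holds "username:password"
        token = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return "Basic " + token

def credentials_in(authorization):
    """Decode a Basic header back to (user, password): Base64 hides nothing."""
    token = authorization.partition(" ")[2]
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    plain = {"Cookie": "theme=dark; Login=alice:s3cret"}
    encoded = {"Cookie": "Login=YWxpY2U6czNjcmV0"}
    print(effective_authorization(plain))
    print(effective_authorization(encoded, cookie_base64=True))
    print(credentials_in(effective_authorization(encoded, cookie_base64=True)))
```

Both cookie forms produce the same header, and the Base64 form decodes straight back to the password, so the cookie needs the same protection in transit and in the browser as the password itself.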