How does the “Remember my password” checkbox work?

Posted 2019-01-17 11:15

Question:

There are numerous login forms with the little check box "Remember my password" so that the next time you visit the website, the browser automatically fills up the password field for you.

But I have noticed a behavior in modern browsers, such as Chrome/Firefox, which show a notification bar offering to save the user name/password even though that particular web page does not have any "remember password" check box.

So my questions are:

  1. If I have to put the "remember password" check box in a login form, what do I have to do when the user checks it? I mean, do I have to store the password in browser cookies (or Local Storage)? If so, should the password be encrypted or plain text?
  2. Is the "Save password" notification bar a browser functionality, or is there any way to invoke it from the web page?

Answer 1:

You need to save a cookie on the client side, encrypted of course. Now with HTML5 I would recommend you use Local Storage; I use this jstorage plugin.



Answer 2:

The "save password" part comes from the browser's password manager whenever it sees an <input type="password"> that looks like it really is asking for a password. You can use the autocomplete attribute to suppress this in most browsers:

<input type="password" name="password" autocomplete="off">

This won't validate but that usually doesn't matter.

The "remember me" part is completely separate from the browser's password manager. The "remember me" flag is the server's business and all it does is fiddle with the expiry date on the cookie that it sends back. The server will always send a cookie back (unless they're not using cookies for tracking sessions but that's rare and wouldn't need a "remember me" anyway) with something inside it to identify the client user.

If you check "remember me" then you're telling the server that you want a persistent session. To achieve this, the server will include an expiry date with the cookie and that expiry date will be some time in the future. When the date arrives, the browser will expire and delete the cookie; without the cookie, the server won't know who you are anymore and you'll have to login again.

If you don't check "remember me" then you'll get a session cookie. Session cookies don't have expiry dates on them so automatically expire when the browser exits. Session cookies are useful for shared machines.

Executive summary:

  • "Save password" is from the browser's password manager.
  • "Remember me" is about the login cookie's expiry time.

Sorry to be so long winded but there seems to be some confusion and a lack of clarity in the other answers.



Answer 3:

Question 1:

  1. The session id is stored in the cookie. AFAIK, the password, or the hash of it is not stored. A session is created on the server side whenever you log in. If you logged in with "Remember Me" checked, the server passes a cookie with the session id (or encrypted session id, or something that uniquely identifies the user session) and this cookie is saved on the client side.
    When you login for the next time, the server checks whether there is a cookie with the session, if it is there (and the session has not been killed/expired - see point 2 below) then the server identifies you as "Veera" and lets you in the site.

  2. Many websites offer an option of "Logout all sessions" (like Gmail: see the bottom of the window). This would invalidate all sessions associated with the user.

Question 2:
The remember password is a feature offered by the browser. The browser sees whether there is a <input type=password> on the page and prompts to save this password for you. Any <input type=password> would trigger this.

The difference between the server remembering you and the browser remembering your password is whether your password is saved or not. And combined with the option of "Logging out all sessions" this is a lot better than letting the browser save your password.



Answer 4:

  1. You will need a way to know who the user is. Normally this is done by saving a cookie on the user's browser. You should only use something that is not easily spoofed, and so encryption should be used. You could use local storage, so long as you are confident that all browsers that will be used on your site support it.

  2. No, there isn't. Having a password field is normally what triggers the bar.



Answer 5:

  1. Yes, you need to use cookies.
  2. This is a browser functionality and there is no way to trigger it.


Answer 6:

  1. The usual way to do it should be a cookie with the encrypted password on the client side.
  2. I'm not entirely sure of what I'm saying, but from a user's point of view, it seems to me that browsers determine whether they need to display their internal password-saving dialog based solely on the presence of a password input on the page. So, as long as you have a standard password input on your page, the browser will try to add the user/password combination to its database.