I was creating a login system with PHP and I wondered: Why are sessions needed?
If I store a cookie with the userid and the sessionid, doesn't it pose the exact same security risks as storing a cookie with userid and password hash (given that the password hash is strong enough)? Yeah, someone could potentially steal the cookie, but isn't it the same if they steal the sessionid cookie?
Could someone tell me what the reason is for using sessions in every (reasonably secure) login system?