Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session. Without cookies a user would need to log in, in order to authenticate every action they take. Essentially, cookies keep a user logged in until they either log out or the cookie expires.
Cookie Stealing and Session Hijacking
If an attacker is able to steal active cookies, the attacker can pretend to be that user and perform any actions the user has permissions to perform.