Cookies are saved on the client computer, so the security of the information stored in a cookie cannot be controlled by you on the server side. If the client's computer is not protected, then all of their cookie information is vulnerable to hackers. Sessions are a more secure way of temporarily saving information, because session data is saved on the PHP server, not the client computer. As long as the server is secure, the information is secure.