Nowadays, some browser plug-ins can be used to easily obtain the user's cookies and export them. After testing JD.com and PHP Chinese website, you can log in at will. Then here comes the problem. If cookies are so dangerous, why is everyone still using them? Is it to reduce the pressure on the server, so use cookies instead of sessions?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
