Cookies and role in website

Hey I am building the commercial social media application where we are managing the roles upto 6 types ex. member, admin, contributor, etc. What are the security risks of storing user roles/types in a cookie? and if not then what are the best practice to do

User can change his cookies. And become admin :slight_smile:
You need to save session Id in cookie, and all about who user is is server side work

1 Like