Hey I am building the commercial social media application where we are managing the roles upto 6 types ex. member, admin, contributor, etc. What are the security risks of storing user roles/types in a cookie? and if not then what are the best practice to do
User can change his cookies. And become admin 
You need to save session Id in cookie, and all about who user is is server side work
1 Like