Can cookies be used to replace the session superglobal

EMMANUEL NUOTAH TUONUO DERY Hmmm... 🤔 When a cookie is created without specifying an expiration, the cookie will automatically be cleared when the browser closes. Server sessions, on the other hand, remains in memory until it's expired or explicitly unset or memory is reclaimed. If the session ID is cleared from the cookie, a new session is created. But the old session remains until expired. It's just orphaned from any clients... so-to-speak. Likewise, the session could expire before the cookie expires. In this case, the browser cookie will be orphaned from any session on the server. So... while it appears the session ended when the browser closes, it's really that the cookie was cleared. Technically speaking... the connection between the server and browser is stateless, as in, the server is disconnected from the client after sending the response. Not sure if I answered your question. But the question details implied a possible misunderstanding. I hope this helps.

Yes, but I believe lots security flaws would arise. You should check Oauth by the way to improve security.