What are the potential risks of storing sensitive information like passwords in cookies in PHP?

Storing sensitive information like passwords in cookies in PHP poses a security risk as cookies are stored on the client-side and can be easily accessed or tampered with. To mitigate this risk, it is recommended to use server-side session storage for sensitive data and only store a reference (like a session ID) in the cookie.

// Start a session
session_start();

// Store sensitive information in session variable
$_SESSION['password'] = 'mySecurePassword';

// Set a cookie with a reference to the session ID
setcookie('session_id', session_id(), time() + 3600, '/');