Why should I use session id in cookie instead of storing login and (hashed) password in cookie?

清酒与你 2021-02-05 23:43

(I was surprised that this question wasn't asked on Stack for now, but I've done some searching and couldn't find anything o.O)

I am working on service-based webapp a

3 answers
  •  粉色の甜心
    2021-02-06 00:12

    Double hashing doesn't protect you from the exploit. If one takes the stored user id and hashed password from the cookie and sends them to the server, he would instantly gain access. With session ids, it would at least time out.
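
The difference described in the answer above, as an added example that is not part of the original thread: a server-side session store with an expiry, next to a check that accepts login and hashed password from a cookie. All names, the 30-minute TTL, the salt and the sample user are assumptions constructed for the demo.

```python
import hashlib
import hmac
import secrets

SESSION_TTL = 1800  # seconds; constructed value for the demo

# Constructed user table: login -> stored password hash (salt is a demo constant).
USERS = {"alice": hashlib.pbkdf2_hmac(
    "sha256", b"correct horse", b"constructed-salt", 100_000).hex()}

class SessionStore:
    """Server-side sessions: the cookie carries only a random, expiring id."""
    def __init__(self, ttl=SESSION_TTL):
        self.ttl = ttl
        self._sessions = {}  # session id -> (login, expiry time)

    def create(self, login, now):
        sid = secrets.token_urlsafe(32)  # unguessable, unrelated to the password
        self._sessions[sid] = (login, now + self.ttl)
        return sid

    def lookup(self, sid, now):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        login, expires = entry
        if now >= expires:          # timed out: drop it and refuse
            del self._sessions[sid]
            return None
        return login

    def revoke(self, sid):          # logout or incident response
        self._sessions.pop(sid, None)

def check_credential_cookie(login, hashed_pw):
    """The scheme from the question: the cookie value is the credential itself."""
    stored = USERS.get(login)
    if stored is not None and hmac.compare_digest(stored, hashed_pw):
        return login
    return None

def replay_demo():
    """Compare what a copied cookie is still worth after the session TTL."""
    store = SessionStore()
    sid = store.create("alice", now=0)
    copied_cred = ("alice", USERS["alice"])   # cookie contents in the other scheme
    later = SESSION_TTL + 1
    return {
        "session_fresh": store.lookup(sid, now=60),
        "session_after_timeout": store.lookup(sid, now=later),
        "credential_after_timeout": check_credential_cookie(*copied_cred),
    }
```

The credential cookie stays valid until the password itself changes, while the session id can also be invalidated early with `revoke` without touching the password.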
