User experience is quite an important aspect of any web application. Cookies can play a part in having a website that enables a great user experience. There are many websites that actually use cookies to identify their users after they have logged in. On a website such as this, if you took out the cookies, you would have to log in again and again when navigating to different pages.

If a hacker can steal your cookies, they can easily pretend to be you. In this regard, you could be tempted to just disable the usage of cookies from your browser but, at the same time, there are many applications that force you to have them enabled.

Cookies could be used to store browsing history or site preferences, which are not all sensitive, but they can also have data that a website may utilize to identify you in between requests.

If a cookie used for authentication can be stolen, the user's identity can be assumed as well, therefore access is granted for all capabilities of the hijacked user. For this to be possible, though, the website must also be vulnerable to XSS, which was described earlier. The hacker can only steal a cookie if they are able to inject a script into the target website.