Cookie-related issues are among the most common vulnerabilities identified in websites.
2. If using cookies, make them HttpOnly and Secure. This can be done in the application server configuration.
3. If using cookies, set the expiry time to only as long as you need; don't leave them forever unless it's mandatory. There is an expiry parameter on the cookie.
4. Obviously, don't store any sensitive data in a cookie. It can be easily hacked.
For further reading, refer to the official OWASP page: OWASP HTTPOnly