in reply to How to make a secure website

Anything insecure about this?

What is stopping anybody from giving themselves a cookie that says userid="admin" ? They would not even need to know the password for admin to do it.