Deleting HTTP cookies upon termination mitigates which security risk?

Cookies that store session identifiers let a website know you’re already authenticated. When you terminate a session by deleting these cookies, you prevent someone else from reusing that same session token to pretend to be you. If the cookie persists, an attacker who gains access to your device or can steal that cookie could reuse it to access sites that trust you, effectively stealing your authenticated session. So deleting cookies on termination mainly protects against session hijacking via stolen authentication tokens. Other options don’t fit this protection well: session fixation involves how a session ID is issued and tied to a user, which isn’t addressed simply by removing cookies on exit; SQL injection targets database queries; phishing via email is a separate social‑engineering threat and isn’t mitigated by cookie deletion.