This risk is inherent in using cookies to authenticate sessions: the cookie is a bearer token, anyone who can present the cookie is authenticated.
This is why you see further protections such as:
- automatic log out after a certain amount of time, or period of inactivity;
- device fingerprinting;
- requiring re-authentication for critical actions (e.g. making a bank transfer or changing your password).