PHP
Alexander, 2016-01-12 00:47:02

Do I need to encrypt cookies?

Hello! Thanks in advance for your replies! The question is: do I need to encrypt cookies? For example, I write down the user ID in the cookie, do I need to encrypt it or not so that there is no substitution or the like? Thanks again!

3 answer(s)
Peter, 2016-01-12
@alex_p95

If your session is hijacked, i.e. the cookies, user-agent, etc. are fully copied, you still can't tell whether there has been a change or not.
You cannot simply give the user ID as a session identifier, because in this case, they can simply try to use a different ID. And so the session identifier can be anything, the main thing is that you can use it to restore the session on the server. Examples:
1. Encrypted ID + useragent. (Bad option if attackers become aware of the encryption mechanism)
2. Contains the key to the database (Having received it, you can check the presence of such an active session and other data in the database)
3. A session token can also be transmitted, which changes after each request. If it arrives a second time, something is not right.
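
An added example, not part of the original answers, of options 2 and 3 above: the cookie carries only a random token that is a key into server-side session storage, and the token can be rotated. The `SessionStore` class, the in-memory array standing in for a database table, and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: an in-memory array stands in for the sessions table (assumption).
final class SessionStore
{
    private array $rows = [];
    // Issue an opaque random token; only its SHA-256 hash is kept server-side.
    public function issue(int $userId, string $userAgent, int $ttl = 3600): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[hash('sha256', $token)] = [
            'user_id' => $userId,
            'ua_hash' => hash('sha256', $userAgent),
            'expires' => time() + $ttl,
        ];
        return $token;
    }

    // Map a cookie value to a user ID; null if unknown, expired or UA mismatch.
    public function resolve(string $token, string $userAgent): ?int
    {
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        if ($row === null || $row['expires'] < time()) {
            unset($this->rows[$key]);
            return null;
        }
        // The user-agent is a weak extra signal only; a full copy still passes.
        return hash_equals($row['ua_hash'], hash('sha256', $userAgent))
            ? $row['user_id'] : null;
    }

    // Option 3: invalidate the presented token and hand out a fresh one.
    public function rotate(string $token, string $userAgent): ?string
    {
        $userId = $this->resolve($token, $userAgent);
        if ($userId === null) { return null; }
        unset($this->rows[hash('sha256', $token)]);
        return $this->issue($userId, $userAgent);
    }
}

$store  = new SessionStore();
$ua     = 'Mozilla/5.0 (constructed sample)';
$cookie = $store->issue(42, $ua);
var_dump($store->resolve($cookie, $ua)); // legitimate cookie
var_dump($store->resolve('43', $ua));    // cookie edited to a bare user ID
$store->rotate($cookie, $ua);
var_dump($store->resolve($cookie, $ua)); // replay of the pre-rotation token
```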

Anton Natarov, 2016-01-12
@HanDroid

What for?? This is the same as caching a domain, otherwise someone will suddenly find out. Cookies can be changed in the browser, but what's the point? Authentication is now everywhere by token.

xmoonlight, 2016-01-12
@xmoonlight

"For example, I write down the user's ID in the cookie"
What for?!
If there is a user, then there is already a session.
And if there is a session, then the server already knows the user parameters.
Why should the browser know them?!
Store in the server session everything you need after authorization and that's it.
