PHP
Matvey Mamonov, 2015-01-08 22:47:34

How correct are the following approaches?

Hello. I am implementing registration on my site and ran into the following questions, which simply haunt me.
1. How competent, correct and safe is it to store user data in the following form?
I have one cookie, "UD". It stores information about the user in the following form: `191c90e0e6ad59a59588b23fb896ef0b-000014`
Here, the characters before the "-" are the password cipher (no, no, it is not the cipher itself; the password in the database was itself very strongly encrypted before that), and the digits after the "-" are the user id. I also have doubts about the fact that if this cookie is "hijacked", they will be able to access this user's account. Then again, any cookie can be stolen.
2. How to avoid overloading the database with the following approach?
Every time any page of my site is loaded, I need to display in the header (and not only there, for example) the user's first and last name, as well as his avatar, the path to which is stored in the database. But won't I bring the server down this way? Just imagine what would happen if (I know this number is unattainable for me, this is just an example) 100,000 users simultaneously open 10 pages each. On the other hand, this approach makes it possible to constantly "monitor" the status of the user, whether he is banned or not. I don't know, maybe there is some way to avoid this? It just seems murderous to me to send a query to the database on every page load to look up the name, surname, account status and avatar of the account by the ID cut out of the cookie.
Who has any advice on this? Maybe I'm worrying in vain, maybe servers are much more resilient than I think?

2 answers
Dmitry Entelis, 2015-01-08
@eucalipt

1. Fine. For complete happiness, you can generate a new cookie on each authorization.
So that it isn't stolen: https.
2. No need to engage in premature optimization.
Hundreds of thousands of users simultaneously is a project with hundreds of servers.

Supme, 2015-01-08
@Supme

The server is hardy, well, maybe not up to such numbers as in the question, but... there are also all sorts of memcache, APC, Redis, and in-memory database tables.
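Putting both answers together, here is an added PHP example (not code from the question or either answer) of the cookie the first answer recommends, a fresh random token per login stored server-side instead of the password hash, plus the per-request cache the second answer mentions. It assumes a PDO connection `$db`, a `users` table (`id`, `first_name`, `last_name`, `avatar`, `banned`), a `sessions` table (`token_hash`, `user_id`, `created_at`) and the APCu extension; all of these names are assumptions.

```php
<?php
// Added example; table and column names are assumptions, not from the original page.
// The question's cookie "passwordHash-userId" is a credential that cannot be revoked
// without changing the password. A random per-login token can be revoked at any time.

function login(PDO $db, int $userId): void
{
    // 32 random bytes, hex-encoded: unguessable and unrelated to the password.
    $token = bin2hex(random_bytes(32));
    // Store only a hash of the token, so a leaked sessions table yields no live cookies.
    $stmt = $db->prepare('INSERT INTO sessions (token_hash, user_id, created_at) VALUES (?, ?, NOW())');
    $stmt->execute([hash('sha256', $token), $userId]);
    // Secure: sent only over HTTPS (the "https" point in the first answer).
    // HttpOnly: not readable from JavaScript, so an XSS bug cannot simply read it out.
    setcookie('UD', $token, [
        'expires' => time() + 86400 * 30, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

function currentUser(PDO $db): ?array
{
    $token = $_COOKIE['UD'] ?? '';
    if ($token === '') {
        return null;
    }
    $tokenHash = hash('sha256', $token);
    // Cache hit: the header's name/avatar come from APCu, no database query on this page load.
    $user = apcu_fetch('profile:' . $tokenHash, $hit);
    if ($hit) {
        return $user;
    }
    $stmt = $db->prepare(
        'SELECT u.id, u.first_name, u.last_name, u.avatar, u.banned
           FROM sessions s JOIN users u ON u.id = s.user_id
          WHERE s.token_hash = ?'
    );
    $stmt->execute([$tokenHash]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || $user['banned']) {
        return null;            // unknown token or banned account: treat as logged out
    }
    // Short TTL: a ban still takes effect within 60 seconds instead of being cached forever.
    apcu_store('profile:' . $tokenHash, $user, 60);
    return $user;
}

function logout(PDO $db): void
{
    $token = $_COOKIE['UD'] ?? '';
    $tokenHash = hash('sha256', $token);
    $db->prepare('DELETE FROM sessions WHERE token_hash = ?')->execute([$tokenHash]);
    apcu_delete('profile:' . $tokenHash);
    setcookie('UD', '', ['expires' => 1, 'path' => '/']); // expire the cookie in the browser
}
```

Banning a user can also call `apcu_delete` for that user's session keys so the ban is immediate rather than waiting out the TTL.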
