Is sending the SessionID by cookie safer than sending the UserID by cookie because sessionID expires by UserID doesn't?

Because both can get you access to the data, right? I mean if someone is able to intercept your cookies and somehow decrypt them, and you have a session ID in that cookie, the attacker can simply user that SessionID to then get authorized, and then indirectly have a access to a UserId that then gets you any data you want, whereas if UserIDs are transmitted over cookies, someone would have a direct access to data by using that UserID to access the database.

So I guess what I'm asking is: is the only difference between sending one over the other as a security measure the fact that a sessionId is made to expire eventually, thus only granting temporary access, whereas an attacker getting a userId means they will have constant access to your data as long as your userId remains the same in the database?

Considering the fact that an attacker would simply try and grab your data as fast as they can anyway (within the time limits of a session, maybe), doesn't it only marginally help to send the sessionId instead of the UserId over cookies? Obviously session is better, but I guess what I'm saying is that isn't sending a sessionId over cookie still something that should be considered "sending sensitive data over cookies"? Because if the sessionId grants access to the DB, it's just an indirect but still very real way to access sensitive data.