Check out SOLID principles. Having different classes to break down your problem into “things that needs changes for the same reasons” or “one reason for change” follow the “S” for SRP or Single Responsibility Principle.
It is a bit long winded from Uncle Bob, but watch the video.
This video is a bit more PHP related.
Now answer this question:
Would sessions and cookies have different “consumers” in your application? If yes, then they should take on their own responsibilities, because they would need to change for different reasons than your checkCredentials class.
I hope that makes sense. 
Scott