fix: cookies typo and broken image

files/en-us/web/http/cookies/index.md

@@ -17,9 +17,9 @@ Typically, the server will use the contents of HTTP cookies to determine whether
 1. The user sends sign-in credentials to the server, for example via a form submission.
 2. If the credentials are correct, the server updates the UI to indicate that the user is signed in, and responds with a cookie containing a session ID that records their sign-in status on the browser.
 3. At a later time, the user moves to a different page on the same site. The browser sends the cookie containing the session ID along with the corresponding request to indicate that it still thinks the user is signed in.
-4. The browser checks the session ID and, if it is still valid, sends the user a personalized version of the new page. If it is not valid, the session ID is deleted and the user is shown a generic version of the page (or perhaps shown an "access denied" message and asked to sign in again).
+4. The server checks the session ID and, if it is still valid, sends the user a personalized version of the new page. If it is not valid, the session ID is deleted and the user is shown a generic version of the page (or perhaps shown an "access denied" message and asked to sign in again).
 
-![visual representation of the above sign-in system description](https://mdn.github.io/shared-assets/images/diagrams/http/cookies/cookie-basic-example.png)
+![visual representation of the above sign-in system description](cookie-basic-example.png)
 
 Cookies are mainly used for three purposes: