UPDATE: this article https://premium.wpmudev.org/blog/set-get-delete-cookies/ was interesting for me concerning session handling in WordPress. I didn’t know that it is kind of stateless.
When I put wp_signon in the functions.php file of the template the cookie is set and the user is logged in.

But it is a bad idea to change core code from a core template!
So how do I add code to the functions.php without changing it … ?