Having the session cookie specific to the machine or browser offers at least the possibility to associate machine/browser specific information with the cookie (like some kind of browser fingerprint). Such associated information might then be used to better detect if the cookie was used on a different machine, i.e. impersonation done via cookie theft.
Note that this cookie protection is purely optional, i.e. just because the cookie is machine/browser specific does not mean that such information will be definitely associated with the cookie but only that this could be done.
If the session cookie is instead machine/browser independent such protection is not possible at all, but instead a stolen cookie could easily be used from other systems. This means the risk of impersonation would be higher.
Which is more vulnerable …
None of this actually presents a vulnerability. A vulnerability would be if some attacker could steal the session cookie, for example using XSS or by sniffing unprotected connections. The options you present only offer more or less ways to mitigate the impact of the vulnerability by making it harder or easier for the attacker to misuse the stolen cookie.