What is the difference between a Session and a Cookie?

Question

What is the difference between a Session and a Cookie?

What circumstances should each be used?

Answer 1

A cookie is an identifaction string stored by a server (who has a domain) in the browser of the user who visits the server/domain.

A session is a unit of maybe variables, state, settings while a certain user is accessing a server/domain in a specific time frame. All the session information is in the traditional model stored on the server (!)

Because many concurrent users can visit a server/domain at the same time the server needs to be able to distinguish many different concurrent sessions and always assign the right session to the right user. (And no user may "steal" another uses's session)

This is done through the cookie. The cookie which is stored in the browser and which should in this case be a random combination like s73jsd74df4fdf (so it cannot be guessed) is sent on each request from the browser to the server, and the server can assign and use the correct session for its answers (page views)

The cookie allows the server to recognize the browser/user. The session allows the server to remember information between different page views.