Web authentication state - Session vs Cookie?

Question

What\'s the best way to authenticate and track user authentication state from page to page? Some say session state, some say cookies?

Could I just use a session var

Answer 1

Cookies and Sessions by themselves are not truly sufficient. They are tools to use to track the user and what they do, but you really need to think about using a database to persist information about the user that can also be used to secure the application.