When should I use session variables instead of cookies?

Question

Session variables and cookies seem very similar to me. I understand the technical differences, but how do you decide when to use one vs. the other?

Answer 1

Cookies are sent to the server on every request, so if you plan to store a fair amount of data, store it in a session.

Otherwise, if you are storing small amounts of data, a cookie will be fine.

Any sensitive data should be stored in a session, as cookies are not 100% secure. An advantage of cookies is that you can save memory on your server that would normally be storing session data.