Rails v2.3 : Difference between session and cookies

Question

I am learning Rails by reading the online guide(for Rails v2.3). The guide is great, however, there is a confusion for me, that\'s:

there is a chapt

Answer 1

As to me the main difference is that the session data stored on the server, whereas the cookies are stored on the client (browser).

So you can trust the data from the session. Information from the cookie can be manipulated, stolen, and thus should not be relied on for critical use (for right access for example).

Second point, is that cookies have a limited size, and are only text-based. You can store in session many complex objects (but beware of memory consumpation), and you don't have to transfer them to client then back at each request.