What is the difference between a Session and a Cookie?

Question

What is the difference between a Session and a Cookie?

What circumstances should each be used?

Answer 1

Cookie is a client side storage of your variables. It stored on client machine by browser physically. It's scope is machine wide. Different users at same machine can read same cookie.

Because of this :

1. You should not store sensitive data on cookie.
2. You should not store data that belongs to one user account.
3. Cookie has no effect on server resources.
4. Cookie expires at specified date by you.

Session is a server side storage of your variables. Default, it stored on server's memory. But you can configure it to store at SqlServer. It's scope is browser wide. Same user can run two or more browsers and each browser has it's own session.

Because of this :

1. You can save sensitive data in session.
2. You should not save everything in session. it's waste of server resources.
3. After user closes browser, session timeout clears all information. (default is 20 minutes)

Answer 2

Its possible to have both: a database primary key is hashed and stored in a lookup table: then the hash is stored on the client as a cookie. Once the hash cookie (hahhahaha :) is submitted, its corresponding primary key is looked up, and the rest of the details are associated with it in another table on the server database.