Difference Between Cookies and Sessions

HTTP is stateless, which means that any data held for a request is discarded once the client receives the page from the server and the connection is closed. Cookies and sessions are two solutions to this problem. A cookie is a very small piece of information that the web site stores on the client’s machine and that is sent back to the server each time a page is requested. A session is a way of storing information on the server as opposed to on the client’s machine.

What are Cookies?

Netscape introduced the concept of cookies with their Netscape Navigator web browser. A cookie is a very small piece of information that the web site stores on the client’s machine and that is sent back to the server each time a page is requested. Because cookies are sent back each time, only a minimal amount of data should be stored in them in order to save bandwidth. A web site can read only the cookies it wrote itself, which provides a secure means of storing information across different pages. However, cookies initially had a bad reputation because of rumors that they could read all the information on the hard drive. This misconception faded away as people realized that cookies are actually harmless, and they are now widely accepted. Cookies have a certain life span defined by their creators, at the end of which the cookie expires. Cookies often track information such as how frequently the user visits, the times of the visits, which banners have been clicked on, user preferences, etc. Cookies are usually used to store information needed for shorter periods. If information like email addresses (which must be kept for longer periods) needs to be stored, the programmer needs to use a database instead of cookies. However, if personal information does get stored in cookies, encryption needs to be used to improve security.

What are Sessions?

A session is another means of storing information across pages, but it is done on the server side. A session actually uses a server-side cookie and a client-side cookie to store data, but the client-side cookie only stores a reference to the corresponding data stored on the server. When the user visits the web site, the client-side cookie (with a reference number) is sent to the server, and the server uses this number to load the user’s data. The server-side cookie can store large amounts of data. Since the client-side cookie stores only the reference number, a great deal of bandwidth is saved. Since session data is stored on the server, it is much better protected.

What is the difference between Cookies and Sessions?

Although cookies and sessions are both ways to store information across web pages, they have their differences. Cookies keep their data only on the client side, while sessions use both client-side and server-side cookies. Sessions can store large amounts of data compared to cookies. Because sessions store only the reference number on the client’s machine, bandwidth usage is lower compared to using cookies. Session data is relatively more secure, because cookies can be manipulated by the user.
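
The reference-number mechanism from "What are Sessions?" and the manipulation point in the comparison above, as an added example that is not part of the original article. The names SESSIONS, sid and role, the function names, the alice/user/admin values and the HttpOnly/Secure/SameSite attributes on the session cookie are assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side store (in memory here): session id -> user data

def set_cookie_only(user, role):
    """Cookie approach: the data itself is sent to the client."""
    jar = SimpleCookie()
    jar["user"], jar["role"] = user, role
    return [m.OutputString() for m in jar.values()]

def set_session(user, role):
    """Session approach: data stays on the server, the client gets a reference."""
    sid = secrets.token_urlsafe(32)   # unguessable reference number
    SESSIONS[sid] = {"user": user, "role": role}
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["httponly"] = True     # not readable from page scripts
    jar["sid"]["secure"] = True       # only sent over HTTPS
    jar["sid"]["samesite"] = "Lax"    # not sent on most cross-site requests
    return jar["sid"].OutputString()  # value for the Set-Cookie header

def role_from_cookie(cookie_header):
    """Trusts whatever value the client sent back."""
    jar = SimpleCookie(cookie_header)
    return jar["role"].value if "role" in jar else None

def role_from_session(cookie_header):
    """Uses only the reference; an unknown reference loads nothing."""
    jar = SimpleCookie(cookie_header)
    if "sid" not in jar:
        return None
    data = SESSIONS.get(jar["sid"].value)
    return data["role"] if data else None

def demo():
    # Constructed Cookie headers, as a browser would send them back.
    sid_pair = set_session("alice", "user").split(";")[0]  # "sid=<value>"
    return {
        "cookie, edited by user": role_from_cookie("user=alice; role=admin"),
        "session, extra role cookie": role_from_session(sid_pair + "; role=admin"),
        "session, made-up sid": role_from_session("sid=constructed-value"),
    }

if __name__ == "__main__":
    for case, role in demo().items():
        print(f"{case}: {role}")
```

The edited cookie is accepted as written, while the session lookup ignores the extra cookie and returns the role stored on the server; a reference the server never issued loads no data at all.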