Sessions vs. Cookies


Cookies are a way for a server to store information on the user’s machine. This is one way that a site can remember or track a user over the course of a visit. Think of a cookie as being like a name tag: you tell the server your name and it gives you a sticker to wear.Then it can know who you are by referring back to that name tag.
  • Cookies are limited to about 4 KB of total data, and each Web browser can remember a limited number of cookies from any one site. This limit is 50 cookies for most of the current Web browsers.
  • Each browser treats cookies in its own way. Be sure to test your Web sites in multiple browsers on different platforms to ensure consistency.
  • users can reject cookies or turn them off in the Web Browsers.


Data is stored on the server, not in the Web browser, and a session identifier is used to locate a particular user’s record (the session data). This session identifier is normally stored in the user’s Web browser via a cookie, but the sensitive data itself—like the user’s ID, name, and so on—always remains on the server.

Sessions have the following advantages over cookies.
  • They are generally more secure (because the data is being retained on the server).
  • They allow for more data to be stored.
  • They can be used without cookies.
Whereas cookies have the following advantages over sessions.
  • They are easier to program.
  • They require less of the server.
In general, to store and retrieve just a couple of small pieces of information, use cookies. For most of your Web applications, though, you’ll use sessions.



July 1, 2008 at 8:31 AM

Very good article! I have always wondered in which ways they differed.


Joey - http://www.leetwebmasters.com