Since session and cookies are both used to store temporary data, what is the difference between them?

+4  A: 

Cookies are stored on the client as either small text files on the file system (persistent cookies) or in the browser's memory (non-persistent cookies) and passed to the server and returned to the client with each request and response. Persistent cookies will still be available between browser sessions as long as the expiry date has not passed. Non-persistent cookies will be lost once the browser is closed.
Session is stored on the server in memory. Cookies are very often used as a way of preserving the reference to the user's session between requests; however, this can also be done with querystring parameters if cookies are disabled on a client's browser.

Andy Rose
In memory??
Álvaro G. Vicario
@Alvaro G. Vicario - in memory. Either in the RAM allocated to the application through its web server, in storage memory through a database session store, or in some other RAM/Isolated storage related to a session state server.
Joel Etherton
Apparently, they can be in memory - http://www.cookiecentral.com/faq/#1.1
Jeff O
@Jeff, I referred to the *Session is stored on the server in memory* part, but it appears it was used as synonym for "storage".
Álvaro G. Vicario
+1 This is so far the best answer.
Álvaro G. Vicario
+3  A: 

Cookies store a user's data on their computer.

Session implementations store a user's temporary data on a server (or multiple servers, depending on the configuration).

Jeff Sternal
A: 

Cookies are a small text file stored on the client that can hold domain-specific information,

a session is held server side in either memory, a database or a separate server and keyed via a session key. They are meant only to persist for a 'session', whereas a cookie can persist for a length of time or indefinitely, therefore being usable in multiple sessions.

Pharabus
+1  A: 

A cookie is client side; a session is server side.

Ivo
+1  A: 

Sessions are stored server side. You can have inproc sessions, which will be stored in memory, or you can store the sessions in an SQL database. You can read more here.

Cookies are stored on the client's computer. This means that it's not recommended to store important details in a cookie, because clients could easily manipulate them.

keyboardP
A: 

The main difference between data stored in session and cookies is that data stored in session is stored on the server side (the user can't operate on such data), while cookies are stored on the client side. They might be manipulated somehow by the user. If you have really sensitive data, then store it in the session. But all other data you can store in cookies so as not to overload the server.

Katalonis
Since cookies are sent with every request (even for images and the like if you don't use a separate domain or subdomain for them), abusing cookies may cost a significant amount of extra bandwidth. If the session data is sucking up so much space that RAM is becoming an issue, I'd be wondering if it is time to stuff that data into a database, rather than wondering if I can offload it to the client.
Brian
+2  A: 

In each HTTP response, the server has the opportunity to add a header `Set-Cookie: {cookie-name}={cookie-data}; {cookie-options}`.

The browser will, in every subsequent HTTP request (or as specified by the options), add a header `Cookie: {cookie-name}={cookie-data}`.

Request #1:

```
POST /auth/login HTTP/1.1
Host: www.example.com

username=Justice&password=pass1234
```

Response #1:

```
HTTP/1.1 307 Temporary Redirect
Set-Cookie: user_id=928
Location: http://www.example.com/dashboard
```

Request #2:

```
GET /dashboard HTTP/1.1
Host: www.example.com
Cookie: user_id=928
```

Response #2:

```
HTTP/1.1 200 OK
Content-Type: text/html

<html>
  <head>...</head>
  <body>...</body>
</html>
```

All future requests will also include the Cookie header.

Justice
As a clarification, the options in the response `Set-Cookie` header determine *which* future requests include that `Cookie` header, whether all subsequent requests or a certain subset of them.
Justice
It's funny this is the accepted answer. While it's a nice explanation about how cookies are born (although incomplete, since cookies can also be set by JavaScript thus skipping the `Set-Cookie` header) it doesn't even mention sessions! :)
Álvaro G. Vicario
It's a partial answer, but it's the biggest piece of the whole answer. Confusion about the difference between cookies and sessions is often caused by confusion as to what, exactly, cookies are. Explain cookies, and dependent questions are often clarified.
Justice
Yes, I skipped the JavaScript. I skipped secure, httponly, path, domain, expires, etc. as well. KISS.
Justice
+6  A: 

As for my knowledge:

If you set the variable to "cookies", then your users will not have to log in each time they enter your community.

The cookie will stay in place within the user’s browser until it is deleted by the user.

But sessions are popularly used, as there is a chance of your cookies getting blocked if the user's browser security setting is set high.

If you set the variable to "sessions", then user activity will be tracked using browser sessions, and your users will have to log in each time they re-open their browser. Additionally, if you are using the "sessions" variable, you need to secure the "sessions" directory, either by placing it above the web root or by requesting that your web host make it a non-browsable directory.

The key difference would be that cookies are stored on your hard disk whereas sessions aren't stored on your hard disk. Sessions are basically like tokens, which are generated at authentication. A session is available as long as the browser is opened.

Hope the following links will further clarify your doubts:

http://wiki.answers.com/Q/What_is_the_difference_between_session_and_cookies
http://www.allinterview.com/showanswers/74177.html

Ravi shankar
Note that the session key tends to be stored in a user's cookies. When the site needs to figure out which session a specific page request corresponds to, it is usually looked up based on the user's cookies.
Brian
Thanks a lot for your comment, I didn't know that.
Ravi shankar
It may happen that if the session is not killed, the user does not need to log in, similar to cookies, which you have written about above. Then when are cookies killed and when is the session killed?
Shalni
A session is available as long as the browser is opened.
Ravi shankar
+2  A: 

They are not the same thing. A Session is a concept whereby the state of a single user's browsing session is stored.

Cookies are a good means of implementing this concept, thus the widespread practice of "Session cookies".

Venemo