When should I use session variables instead of cookies?

Question

Session variables and cookies seem very similar to me. I understand the technical differences, but how do you decide when to use one vs. the other?

Answer 1

Most of the time, session state is persisted using cookies. So it's not really a question of one or the other, but how to use them together.

Using your framework's session infrastructure may make things easier, but tracking state manually with cookies usually gives you finer grained control. The correct solution depends on what you're trying to accomplish.