I am training in web development and am learning about JSP & Servlets. I have some knowledge of HttpSession
- I have used
Google JSESSIONID. This will explain how the Servlet API initially uses URL re-writing and then, if cookies are enabled, cookies to manage sessions.
HTTP is stateless so the client browser must send the id of its session to the server with each request. The server, through whatever means, uses this id to retrieve any data for that session making it available for the lifetime of the request.
Cookies are stored in the browser in a text file format. They store a limited amount of data: only 4 KB (4096 bytes) is allowed. The $_COOKIE variable will not hold multiple cookies with the same name. We can access the cookie values easily, so it is less secure. The setcookie() function must appear BEFORE the <html> tag.
Sessions are stored on the server side. They store an unlimited amount of data. A session holds multiple variables. We cannot access the cookie values easily, so it is more secure.
Sessions are server-side files that contain user information, while Cookies are client-side files that contain user information. Sessions have a unique identifier that maps them to specific users. This identifier can be passed in the URL or saved into a session cookie.
Most modern sites use the second approach, saving the identifier in a Cookie instead of passing it in a URL (which poses a security risk). You are probably using this approach without knowing it, and by deleting the cookies you effectively erase their matching sessions as you remove the unique session identifier contained in the cookies.
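An added example, not part of any answer above: when the session identifier is passed in the URL it ends up in access logs and in Referer headers sent to other pages, and this Python script finds and redacts such identifiers. The log lines are constructed samples; the combined log format and the `;jsessionid=` path-parameter form used by Servlet URL rewriting are the assumptions.

```python
import re

# Servlet URL rewriting appends ";jsessionid=<id>" to the path; some
# applications also pass the id as a query parameter, so match ?, & and ;.
SESSION_IN_URL = re.compile(r"([;?&]jsessionid=)([A-Za-z0-9._\-!]+)", re.IGNORECASE)

# Combined log format: "METHOD target PROTO" status size "referer" "agent"
LOG_LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)


def redact(text):
    """Replace any session id carried in a URL with a fixed marker."""
    return SESSION_IN_URL.sub(lambda m: m.group(1) + "REDACTED", text)


def find_url_session_ids(lines):
    """Return (line_no, field, redacted_value) for each URL carrying a session id."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = LOG_LINE.search(line)
        if not match:
            continue  # not a combined-format line; nothing to inspect
        for field in ("target", "referer"):
            value = match.group(field)
            if SESSION_IN_URL.search(value):
                # Store only the redacted form so the report does not leak ids.
                findings.append((line_no, field, redact(value)))
    return findings


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/cart.jsp;jsessionid=A1B2C3D4E5F6 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/index.jsp HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "https://example.test/shop/item.jsp;jsessionid=0F9E8D7C6B5A?id=7" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, field, value in find_url_session_ids(SAMPLE_LOG):
        print(f"line {line_no}: session id in {field}: {value}")
```

A hit in the `referer` field means the identifier left the page that issued it, which is the case the cookie-based approach avoids.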