The Difference Between a Cookie and a Session

This is a question that normally pops up for those new to web design or programming for the web.

Or maybe you’ve heard your cookies can get stolen, and you’re worried about the security implications?

Either way, it’s a valid question, and very easy to answer. Let’s jump in.

What is a Cookie?

A cookie is a client-side file that contains information. This information could be the items in a shopping cart or a username and password combination. (1)

Beware though, there is a dangerous side to cookies.

I’ve heard a few horror stories of cookies being stolen. Public Wi-Fi hotspots can be a prowling ground for hackers who steal your cookies. (2)

By stealing a cookie, a hacker can gain personal information about you. They can even steal your banking details. Yikes. (2)

It is best practice to delete your cookies before connecting to a Wi-Fi hotspot. Sure, it’s a bother to have to enter all your info again, but better safe than sorry, right?

Just don’t forget your password, and don’t enter sensitive websites where your credit card details are stored when on a public Wi-Fi network. This should keep you safe.

What is a Session?

A session can have a lot of different definitions. For example, a session can be launched when you log onto your computer, and stopped when you shut down. (3)

In the context of programming, however, it is mostly used in PHP (which is a server-side language). (3)

In this case a session is a variable piece of information stored on the server side of a website. This can be a unit of variables, state or settings. (3)

Sessions are more secure than cookies, since they’re normally protected by some kind of server-side security. This does not make them infallible, however. Just look at the time the PlayStation store was hacked.

It’s very rare that things like this happen, however. You can generally rest assured that your information will be safe on the server side.

Cookies and Sessions Hand-in-Hand

They may have their differences, but these two work hand-in-hand, mostly.

The session can hold onto your username and password, while you get a cookie stored on your PC. This cookie will have a specific id that links to the session the next time you go online. (4)

This is typically what happens when you check the “remember me” option whilst giving the site your username and password.

It’s also how it works when you’re shopping in an online store, and the store remembers the contents of your cart – even after you’ve logged off.
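
The link between the cookie and the session described above, as an added example in Python (not code from the original article): the cookie carries only a random id, the data stays in a server-side store, and the cookie attributes limit how the id can leak. The function names, the cookie name sid and the 30-minute time-out are assumptions made for this sketch.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # assumed server-side time-out in seconds
_sessions = {}       # server-side store: session id -> session data


def start_session(username, now=None):
    """Create server-side state; return the Set-Cookie value for the browser."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)        # unguessable id, holds no user data
    _sessions[sid] = {"user": username, "cart": [], "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True         # sent over HTTPS only (open Wi-Fi case)
    cookie["sid"]["httponly"] = True       # hidden from scripts running in the page
    cookie["sid"]["samesite"] = "Lax"      # not attached to most cross-site requests
    cookie["sid"]["max-age"] = SESSION_TTL
    return cookie["sid"].OutputString()


def load_session(cookie_header, now=None):
    """Map the browser's Cookie header back to server-side data, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("sid")
    if morsel is None:
        return None                        # no session cookie was sent
    data = _sessions.get(morsel.value)
    if data is None:
        return None                        # unknown or forged id
    if data["expires"] <= now:
        del _sessions[morsel.value]        # web site time-out: drop the session
        return None
    return data


if __name__ == "__main__":
    # Constructed sample user, for illustration only.
    header = start_session("alice@example.test")
    print("Set-Cookie:", header)
    print("Server side:", load_session(header.split(";")[0]))
```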

Security Concerns

You can encrypt your cookies to up security by a massive amount. Usually this means hiring a company or paying for a service that does this for you.

Doing it yourself, unless you’re a high-level programmer, will probably achieve nothing and you’ll just end up with a headache.

For more information on securing your cookies, you can check this post out.

Now you know

There’s not much more to it than that. It’s pretty easy and basically boils down to:

  • Cookies = Client side
  • Session = Server side


Cookie                                        | Session
Client-side file                              | Server-side file
Carries risk (unless secured)                 | Secure
Remembers info until deleted by you or expiry | Remembers info until web site time-out
Usually contains an id string                 | Usually contains more complex information
Specific identifier links to server           | Specific identifier links to user




  1. Thank you for your work, very interesting and useful article.

  2. Thank you very much


References :


[1]https://en.wikipedia.org/wiki/Session_hijacking (only resource I could find, but I personally know this to be true)



