
The Difference Between Cookies and Sessions
The main difference between cookies and sessions is that cookies are stored in the user's
browser, and sessions are not. This difference determines what each is best used for.

A cookie can keep information in the user's browser until deleted. If a person has a login
and password, this can be set as a cookie in their browser so they do not have to re-login
to your website every time they visit. You can store almost anything in a browser cookie.
The trouble is that a user can block cookies or delete them at any time. If, for example,
your website's shopping cart utilized cookies, and a person had their browser set to block
them, then they could not shop at your website.

Sessions are not reliant on the user allowing a cookie. They work instead like a token
allowing access and passing information while the user has their browser open. The
problem with sessions is that when you close your browser you also lose the session. So,
if you had a site requiring a login, this couldn't be saved as a session like it could as a
cookie, and the user would be forced to re-login every time they visit.

You can of course get the best of both worlds! Once you know what each does, you can
use a combination of cookies and sessions to make your site work exactly the way you
want it to.

A session as you probably mean it is a server-side object that stores state. You use it
in servlets to store and retrieve data. You keep hearing people saying HTTP is a stateless
protocol, right? They mean when you load a page, you're finished as far as the web server
is concerned. If you reload a page, the new request isn't associated in any way with the
previous one.

A cookie is a small piece of information a browser sends to a server with every request.

Most servlet containers use a cookie to identify a session.

1) The user's browser requests a servlet. (A servlet is running on the server side)

2) The servlet container creates a session.

3) The servlet gives the session a unique ID.

4) The servlet sets a cookie in the browser with this ID. (If cookies are disabled in the
browser, the server can rewrite URLs to keep the session information.)

5) Let's say the servlet then stores the user's name in the session.

6) The user requests another servlet on the same server. As part of the request, the
cookie with the session ID is sent back to the server.

7) Since the servlet container is told which session to use, it makes it available again.

8) So servlet #2 can retrieve the user's name, since we put it in the session, and say, "Hi,
Bob."

Cookies are only simple text that is stored on the client with some useful data to identify
subsequent requests from the client and help the server to serve the client efficiently.
Cookies can hold data like books bought during an HTTP session until the session expires. If
you could store the nature of these books (e.g. fiction, technology etc.) then this data
could be used to know the browsing behaviour of the user.

Sessions are objects (not text files) that store data regarding a particular session and
help the servlets to transfer this data to other servlet invocations so that the web
server understands (or is made to understand) that these requests have come from the
same client. For example, HttpSession objects are used to store such information.

There are two types of JavaScript cookies: permanent and session-only. The first one
stores its information in a physical file on the client's computer called "cookie.txt", with
the stored data "permanently" available. Session-only cookies, on the other hand, store
information in the browser memory, and are available for the duration of the browser
session. In other words, the data stored inside a session cookie is available from the time
of storage until the browser is closed. Moving from page to page during this time does
not erase the data.

Persistent cookie
Also called a permanent cookie, or a stored cookie, a cookie that is stored on a user’s
hard drive until it expires (persistent cookies are set with expiration dates) or until the
user deletes the cookie. Persistent cookies are used to collect identifying information
about the user, such as Web surfing behavior or user preferences for a specific Web site.

Session cookie
Also called a transient cookie, a cookie that is erased when the user closes the Web
browser. The session cookie is stored in temporary memory and is not retained after the
browser is closed. Session cookies do not collect information from the user’s computer.
They typically will store information in the form of a session identification that does not
personally identify the user.

Persistent cookies are stored for a length of time that is set by the Web server when it
passes the cookie to Internet Explorer. These cookies are used to store state information
between visits to a site.

Per-session cookies are used to store state information only within a session. These
cookies are cached only while a user is visiting the Web server issuing the per-session
cookie and are deleted from the cache when the user closes the session.
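
The numbered session flow and the persistent versus per-session distinction above, as an added example that is not part of the original page: a toy in-memory stand-in for a servlet container, written in Python so it runs without a server. The cookie name JSESSIONID, the function names, and the request values are assumptions constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE = "JSESSIONID"   # usual servlet-container cookie name; an assumption here
SESSIONS = {}           # server-side store: session ID -> data (never sent to the browser)

def handle_request(cookie_header, max_age=None):
    """Toy container: return (session, Set-Cookie value or None) for one request."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar[COOKIE].value if COOKIE in jar else None
    if sid in SESSIONS:
        return SESSIONS[sid], None           # known ID: reattach the stored session
    # No cookie, or an ID this server never issued: start a fresh, empty session
    sid = secrets.token_urlsafe(32)          # unguessable ID from a CSPRNG
    SESSIONS[sid] = {}
    out = SimpleCookie()
    out[COOKIE] = sid
    out[COOKIE]["path"] = "/"
    out[COOKIE]["httponly"] = True           # not readable from page JavaScript
    out[COOKIE]["secure"] = True             # only sent over HTTPS
    out[COOKIE]["samesite"] = "Lax"
    if max_age is not None:                  # persistent cookie; omitted = per-session
        out[COOKIE]["max-age"] = max_age
    return SESSIONS[sid], out[COOKIE].OutputString()

def demo():
    """Walk the flow with constructed requests; return the observable results."""
    session, set_cookie = handle_request(None)         # steps 1-4: first visit
    session["user"] = "Bob"                            # step 5: state stays on the server
    cookie_back = set_cookie.split(";")[0]             # browser echoes only name=value
    session2, reissued = handle_request(cookie_back)   # second request, same session
    forged, replacement = handle_request(COOKIE + "=guessed-id")
    _, persistent = handle_request(None, max_age=3600)
    return {
        "greeting": "Hi, " + session2["user"],
        "reissued": reissued,
        "forged_session": forged,
        "forged_gets_new_cookie": replacement is not None,
        "session_cookie": set_cookie,
        "persistent_cookie": persistent,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Only the random ID crosses the wire; the user's name never appears in the cookie, and an ID the server did not issue is answered with a new empty session rather than adopted.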
