Session vs. Cookies| Difference between Session and Cookies
The Session and cookies are used by different websites for storing user's data across different pages of the site. Both session and cookies are important as they keep track of the information provided by a visitor for different purposes. The main difference between both of them is that sessions are saved on the server-side, whereas cookies are saved on the user's browser or client-side. Apart from this, there are also various other differences between both. In this topic, we will understand the detailed description of sessions and cookies and how both are differentiated from each other.
What is a Session?
- A session is used to temporarily store the information on the server to be used across multiple pages of the website. It is the total time used for an activity. The user session starts when he logs-in to a particular network application and ends when the user logs out from the application or shutdowns the system.
- When we work on an application over the internet, the webserver doesn't know the user because the HTTP protocol does not maintain the state. The information provided by the user on one page of the application (Let's say Home) will not be transferred to another page. To remove this limitation, sessions are used. Session gets started whenever a visitor first enters a website.
- The user information is stored in session variables, and these variables can store any type of value or data type of an Object.
- Session values are much secured as these are stored in binary form or encrypted form and can only be decrypted at the server. The session values are automatically removed when the user shutdowns the system or logout from the application. To store the values permanently, we need to store them in the database.
- Each session is unique for each user, and any number of sessions can be used in an application; there is no limitation to it.
- The user is identified with the help of sessionID, which is a unique number saved inside the server. It is saved as a cookie, form field, or URL.
Working of Session
The working of a session can be understood with the help of the below diagram:
- In the first step, the client request to the server via GET or POST method.
- The sessionID is created on the server, and it saves the sessionID into the database. It returns the sessionId with a cookie as a response to the client.
- Cookie with sessionID stored on the browser is sent back to the server. The server matches this id with the saved sessionID and sends a response HTTP200
Why Use Session?
- Sessions are used to store information such as UserID over the server more securely, where it cannot be tempered.
- It can also transfer the information in the form of value from one web page to another.
- It can be used as an alternative to cookies for browsers that don't support cookies to store variables in a more secure way.
What is Cookie?
- A cookie is a small text file that is stored on the user's computer. The maximum file size of a cookie is 4KB. It is also known as an HTTP cookie, web cookie, or internet Cookie. Whenever a user visits a website for the first time, the site sends packets of data in the form of a cookie to the user's computer.
- The cookies help the websites to keep track of the user's browsing history or cart information when they visit their sites.
- It stores only the "String" data type.
- The information stored within cookies is not secure because this information is stored in text-format on the client-side, which can be read by anyone.
- We can enable or disable the cookies as per the requirement.
- The cookies generated by a user are only be shown to them, and no other user can see those cookies.
- Cookies are created and shared between the server and browser with the help of an HTTP header.
- The path where the cookies are saved is decided by the browser, as Internet explorer usually stored them in Temporal Internet File Folder.
- When we visit YouTube channel and search for some songs, next time whenever we visit YouTube, cookies read our browsing history and shows similar songs or last played songs.
Creating Cookies with PHP
To create a cookie in PHP, we need to use the setcookie() function, and it must appear before the <html> tag. The syntax of this function is given below:
setcookie("Userid", "1005", "time()+3600");
- Name: It defines the name of the cookie.
- Value: It defines the value of the cookie.
- Expire: It specifies the time when the cookie will expire. If it is not used or set as 0, cookies will be deleted at the end of the session.
- Path: It defines the server path of the cookie. If it is set to "/", the cookie will be available within the complete domain.
- Domain: It defines the domain name of the cookies. If we set it "javatpoint.com", it will be available for all subdomains of javatpoint.com.
- Secure: It specifies that if the cookies are only transmitted over HTTPS or not. If it is set True, it means cookies will only be set for the secured connection.
- HTTPOnly: If it is set to TRUE, the cookies will be accessible through the HTTP protocol.
Key Differences between Session and Cookies
- Sessions are server-side files that store the user information, whereas Cookies are client-side files that contain user information on a local computer.
- Sessions are cookies dependent, whereas Cookies are not dependent on Session.
- The session ends when the user closes the browser or logout from the application, whereas Cookies expire at the set time.
- A session can store as much data as a user want, whereas Cookies have a limited size of 4KB.
Difference table between Cookies and Session
|A session stores the variables and their values within a file in a temporary directory on the server.
||Cookies are stored on the user's computer as a text file.
|The session ends when the user logout from the application or closes his web browser.
||Cookies end on the lifetime set by the user.
|It can store an unlimited amount of data.
||It can store only limited data.
|We can store as much data as we want within a session, but there is a maximum memory limit, which a script can use at one time, and it is 128 MB.
||The maximum size of the browser's cookies is 4 KB.
|We need to call the session_start() function to start the session.
||We don't need to call a function to start a cookie as it is stored within the local computer.
|In PHP, to set a session data, the $_SESSION global variable is used.
||In PHP, to get the data from cookies, the $_COOKIE global variable is used.
|In PHP, to destroy or remove the data stored within a session, we can use the session_destroy() function, and to unset a specific variable, we can use the unset() function.
||We can set an expiration date to delete the cookie's data. It will automatically delete the data at that specific time. There is no particular function to remove the data.
|Sessions are more secured compared to cookies, as they save data in encrypted form.
||Cookies are not secure, as data is stored in a text file, and if any unauthorized user gets access to our system, he can temper the data.
From the above discussion, we can have a better understanding of cookies and sessions and the differences between them. Hence, we can conclude that session is a way to temporarily store the user information on the server-side, whereas cookies store the information on the user's computer until it expires.