- This topic is empty.
Viewing 2 posts - 1 through 2 (of 2 total)
Viewing 2 posts - 1 through 2 (of 2 total)
- The forum ‘Back End’ is closed to new topics and replies.
The forums ran from 2008-2020 and are now closed and viewable here as an archive.
What is the difference between a session variable and cookie?
tl;dr:
A “Session” is information, stored on the server, about a series of requests from the same client (user). With HTTP -web browsing- every request your browser makes starts with a “blank slate,” and knows absolutely nothing about previous requests. The server is the same way. Sessions were invented as a way to give web browsing state: context, or, a “memory,” so to speak.
Session information is simply saved on the server, usually in a text file, sometimes in a database or some other storage. The server has to identify each user request in order to make sure it gets the right session information for it. There are many ways to do this, but the most common (and secure) way nowadays is to use a cookie that holds the session id.
Cookies are small text files saved on the user’s browser. They are simple name=>value stores. Every cookie belongs to a particular website, and has an expiration and other rules about how the browser is supposed to use it (e.g., you can specify that a your cookie should be sent only over a secure connection). When you visit the same site again, if it has not expired, it is sent along with the request, and the server can use the information it holds.