The biggest difference between a session and a cookie is:
1. Save in different locations
The session is stored in the server's memory, and the cookie is stored in the browser or client file;
2. Different life cycle
Session is an access-based process that records the start-to-finish of an access, when the browser or process is closed, the session "disappears", and the cookie is used more to identify the user, it can be long-term for users to track and identify unique users (unique Visitor).
3. Different security
Cookies are not very secure, and others can analyze cookies stored locally and make cookie spoofing, taking into account that security should use the session.
4. Different consumption resources
Session will be stored on the server for a certain amount of time, and when the access is increased, it will occupy the performance of your server. The cookie should be used in consideration of mitigating server performance .
5. Different size limit
the limit for a single cookie on the client is 3K, which means that a site cannot store more than 3 K of cookies on the client .
In short, if the cookie mechanism is to check the customer's "pass" to determine the customer identity, then the session mechanism is to check the server on the "Customer schedule" to confirm the customer identity.
From for notes (Wiz)
Session Management The difference between -0.2.session and cookies