What are the difference between Sessions and Cookies?
Difference between Sessions and Cookies
Session
Asp.net Session state is a state management technique to store and retrieve values for a while the user travels within the webpages of a web application or a website. Each time a user sends a request to the server, the server treats that request as a new request. So, we need to maintain the state of a user, so that the server recognizes the user. Each URL sent to the server contains an id known as session-id. This session id is used by the server to recognize the user. If the session id is different, every time a request occurs to the server that means different users are requesting.
We can declare a session state ‘variable as shown below:
Session[“UserName”]= “Rashmi”;
Here the session state variable name is “UserName” and we pass a value to it. The session state variables are declared as key-value pairs
An important point to note is that there are two events associated with a session i.e. Session_Start( ) and Session_End( ).
- Session_Start( ) – This event is fired whenever a new user visits the application i.e. a new session is started.
- Session_End( ) – This event is fired whenever a session of user times out.
Cookies
Cookies represent a client-side state management technique in Asp.net. Cookies store the data in the cache memory of the client machine in a text file. For e.g. if we visit any website on the internet and our browser has enabled the cookies for that website then that website will implant a cookie in the client’s machine which preserves the data related to the user activity in the user’s machine.
A cookie can be created using an object of the ‘HttpCookie’ class and then we store the values in a cookie in key-value pair.
- HttpCookie mycookie = new HttpCookie();
- mycookie[“UserName”] = ”Manisha”;
- mycookie[“Password”] = ”password”;
- Cookies.Add(mycookie);
Cookies are of two types- Persistent cookie and Non-Persistent Cookie
- Persistent Cookies are also termed as permanent cookies that do not expire and hence do not have an expiration time. The permanent cookies are stored in the hard disk of a computer permanently.
- Non-Persistent Cookies are the temporary cookies that get expired when their duration times out and hence have an expiration time. The non-persistent cookies are also termed as in-memory cookies and session-based cookies.
Difference between Cookies and Session
Cookies |
Session |
Cookies are the text files that store the user data and information on the client-side. |
A session refers to a state management technique that stores the user data and information on the server-side. |
A cookie stores the information until they deleted from the browser. |
A session stores the data until the session is alive. As soon as we close the browser, the session is terminated and the data is lost. |
A cookie expired depending on the lifetime we set for it. |
A session expires as soon as we close the browser. |
A cookie stores the data for future reference. |
A session is not able to store the data for future reference because when the browser is closed, the session is timed out. |
Cookies are independent of any session. |
A session depends on a cookie. |
Cookies can only store strings. |
Sessions can store any type of data. |
We use cookies in certain specific conditions keeping in mind the security reasons. |
We use sessions for all the conditions or situations |
Cookies do not have any id. They are the way to transmit session ids by default. |
Every session is identified by unique session id. |
Cookies stores the data in text format so it is not secure at all. |
The session is secure because it is stored in binary format and transparent from the user. |
There is a size limit for cookies data i.e. 4 KB. And also, most of the browsers limit the number of cookies to 20. |
Sessions can store any amount of data in the server memory. |