Difference Between a Cookie and a Session

In PHP, the chosen data of the user, which can be used on multiple sites can get stored in both session and cookie. Numerous websites use cookies and sessions to save the information of a user across various pages of the website.

Cookies and sessions are both important as they record the data provided by the user for different reasons. To know what’s best for you; it is important to know the difference between these two.

The main difference between a cookie and a Session is that a cookie is saved on the user or client’s side whereas a session is saved on the server’s side. Cookies are sent by the web servers to their client which is in form of small text or information whereas, sessions are briefly used to store the data which are further used in various sites.

A Cookie vs A Session

A cookie is a small form of information that is stored on the reserved on the user’s PC with 4KB as the maximum size. It helps the websites to be informed about the activities and browsing history of the user when they open their website.

Cookies can only store the ‘String’ type of data.

Sessions are used to momentarily preserve the data of the user on the server, which can further be used on multiple sites. Sessions are the total time that has been used to perform an activity.

The session of the user begins when he logs in to the application and finishes when he logs out and is stored in binary form.

Parameters of ComparisonCookieSession
DefinitionCookies are text files that are stored on the user’s computer.Sessions store the data of the user for further usage purposes.
SecurityCookies are not safe as they can be accessed and tampered with easily.Sessions have good security factors as the data is stored in encryption.
VariablesTo obtain the data from the cookies in PHP, the global variable $_COOKIE is used.For setting a session data in PHP, the global variable $_SESSION is used.
StorageCookies can store up to 4KB of data..Sessions of the browser can store up to 128 MB of data.
ExpiryThe user sets the lifetime of a cookie for it to end.When a user leaves or logs out  from the website, the session ends.

Cookies are small file that contains texts, which is stored in the computer of the user. The size of a cookie can be up to 4KB maximum. HTTP cookies, web cookies, and internet cookies are the other names of cookies.

Every time a user logs into some application or website for the first time, that particular site sends a bunch of information in cookie form to the user’s computer.

These cookies keep track of all the activities and browsing when the user opens a site. The data is stored in string type. The data collected in cookies are not considered to be safe as the data is stored in texts, which are easily accessible.

The users get to enable or disable the cookies whenever they want. A user who generates a cookie is the one who can view that cookie and no one else.

By using an HTTP header, cookies are made and shared among the server and browser. The browser decides the location for the cookies to be saved, as Internet explorer saves them in Temporal Internet File Folder.

When we search and play some songs on YouTube, the cookies read the data and shows the same songs or similar recommendations next time when YouTube is opened.

What is a Session?

Sessions are used to briefly store the data on the server for it to be used on numerous sites.

In simple terms, sessions are the time users for doing an activity, and the time starts when the user opens any website or application and ends when he closes that site or shuts down the computer.

While surfing through the applications on the internet, the web server does not identify the user as the state is not maintained by the HTTP protocol.

The data gave by the user on the home page or any other page of the application will not get relocated to other pages. Sessions are used for removing this limitation.

The data of the user can be stored in session variables, which can be of any type. The data stored through session variables are in binary forms or encryptions at the server which makes the data safe from the third party.

The session value gets disconnected mechanically when the person using the application shuts down the PC or logs out from that application. For the session values to get stored permanently, they are needed to be stored in the database.

Every session is different for every user, and a huge number of sessions can be used in a single application as there are no restrictions to it.

With the help of a session, a user is identified, which is a unique number saved as a cookie, form field, or URL in the server.

  1. Cookies are not dependent on sessions whereas sessions are dependent on cookies.
  2. A cookie has a maximum storage of 4KB, whereas, a session can store data up to 128 MB in single-use.
  3. A cookie ends at a specific time that has been set for it to be expired whereas a session expires when the user closes the application.
  4. In PHP, for deleting the data from a cookie, an expiration date is set beforehand, whereas for deleting data from sessions, the session_destroy() function is used.
  5. The data stored in cookies is not secured as it’s in the text from which can be easily tampered with whereas the data stored in sessions are in form of binary which only the user can access.


In conclusion, although both cookies and sessions are a form to store data on the server or web pages, they differ in the way the data is accessed.

The data stored in cookies are saved only on the client’s side whereas, the data in sessions are stored on both sides.

Cookies are considered to be less safe as it third party can tamper with the data while sessions are in encrypted form which only the user can view. whereas sessions also save the passwords on the computer and form data so that whenever the user opens some application, that application won’t ask for logging in again.


  1. https://ieeexplore.ieee.org/abstract/document/8392612/
  2. https://link.springer.com/chapter/10.1007/978-1-4842-3489-1_8
Search for "Ask Any Difference" on Google. Rate this post!
[Total: 0]
One request?

I’ve put so much effort writing this blog post to provide value to you. It’ll be very helpful for me, if you consider sharing it on social media or with your friends/family. SHARING IS ♥️