What’s the difference between Sessions and Cookies

Viewed 4,940 times

16

What’s the difference between Sessions and Cookies? Under what circumstances should I use each?

  • Session is used for user authentication and cookies are usually used to store some data from websites, such as advertisements and other types. (Basically)

2 answers

13


Cookies

In a very simplified way, cookies are small pieces of data sent by the web server to a client, so that the client returns the same data in the next request(s).

When to use them? Basically when you need a small piece of data that is returned by the client in the following requests, whether it is a mere piece of information that they have already seen an annoying popup, or an inhibitor so as not to count a new visit.

Cookies are generally unreliable. They may be stored for days, or the client may simply not accept them (that is, not return or write the data), or the user may even modify this data.

As the question is a comparison between two different things, I won’t go into deep details of what a Cookie is, but here’s some more information:

Indications of use of cookies?

https://en.wikipedia.org/wiki/HTTP_cookie

Sessions

"Sessions", probably in the intended context of the question, are usually related to keeping a user's data in an application even as the user changes pages.

Naturally, web applications are composed of pages totally independent of each other. Eventually some pages may send information to the following ones, for example in forms, as query parameters (GET method), or in the body of requests (POST method).

In addition, most modern applications make AJAX requests, which are similar to GET, POST and other methods, but without leaving the page.

These techniques alone are somewhat limited for maintaining more complex states, such as a shopping cart, or for knowing whether the user has logged in. Hence the concept of Sessions.

The question refers to C#, but since the "beginnings" of Web applications, for example with classic ASP, sessions have been used basically in two ways: either by including a "special number" in all links and forms, which identified that user, carrying the information to the following pages, and/or by using cookies. The techniques remain similar today, regardless of the language used.

In more complex cases, it can be validated whether the user’s browser always identifies itself in the same way, or whether the IP of each request is always the same, each technique with its advantages and disadvantages.

What matters in this context is that, whenever a new page is requested, the server knows that there is a continuity between the previous requests made by the same user.

How the session works in web browsers?

What is the difference, in practice, between Session and Application?

How to Manage Session in C# desktop and non-web applications?

4

A cookie is a storage engine for your client-side variables. It is physically stored on the client’s computer by the browser. Different users on the same computer can read/use the same cookie.

On that account (some comments):

  • You should not store sensitive data in the cookie.
  • You should not store data that belongs to a user account.
  • A cookie has no effect on server resources.
  • A cookie expires on the date you specify.

A Session is also a storage engine for your variables, but on the server side. By default, Session stores your data in the server memory. But you can configure it to store the data in SQL Server, for example. The same user can run two or more browsers and each browser has its own session.

That is to say:

  • You can save sensitive data in session.
  • You should not save everything in session; that is a waste of server resources.
  • After the user closes the browser, the timeout will cause all information to be deleted. By default, this time is 20 minutes.

The usage circumstance will depend on your scope and what you will store...
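An added example, not part of either answer above: a server-side session store where the cookie carries only an unguessable identifier (the "special number") and the data stays on the server, so a modified or idle cookie resolves to nothing. It is written in Python rather than the C# the question mentions; `SessionStore`, `set_cookie_header`, `handle_request` and the cookie name `sid` are hypothetical names, and the 20-minute idle timeout is the default quoted in the second answer.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 20 * 60  # seconds; the 20-minute default quoted above


class SessionStore:
    """Server-side session data keyed by an unguessable ID (hypothetical class)."""

    def __init__(self, now=time.time):
        self._now = now
        self._data = {}  # session id -> (last_seen, dict of values)

    def create(self):
        sid = secrets.token_urlsafe(32)  # random, so it cannot be guessed
        self._data[sid] = (self._now(), {})
        return sid

    def load(self, sid):
        """Return the session dict, or None if unknown or idle too long."""
        entry = self._data.get(sid)
        if entry is None:
            return None  # ID the server never issued (e.g. an edited cookie)
        last_seen, values = entry
        if self._now() - last_seen > IDLE_TIMEOUT:
            del self._data[sid]  # expired: drop the server-side data
            return None
        self._data[sid] = (self._now(), values)  # refresh the idle timer
        return values


def set_cookie_header(sid):
    """Build the Set-Cookie value; only the ID travels to the browser."""
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["httponly"] = True   # not readable from page scripts
    c["sid"]["secure"] = True     # sent over HTTPS only
    c["sid"]["samesite"] = "Lax"
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()


def handle_request(store, cookie_header):
    """Resolve the Cookie request header to server-side state, if any."""
    c = SimpleCookie()
    c.load(cookie_header or "")
    sid = c["sid"].value if "sid" in c else None
    return store.load(sid) if sid else None
```
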
