What is the difference between session and cookies?

Cookies are small text files that websites store on a user’s device. They contain data about the user’s interaction with the website and help recognize the user and remember their preferences, like language, color, theme, etc. On the other hand, a session is a way for websites to remember the user’s visit while they are actively browsing.

Here are the main differences between sessions and cookies:

| | Session | Cookies |
|---|---|---|
| Storage location | Stored on the server side; exists for as long as the user’s session lasts | Stored on the client side (user device) and sent back to the website with each request the user makes |
| Lifespan | Expires as soon as the user ends the session or closes the browser | Expires after a specified duration |
| Storage size | Can store 120MB of data | Can store only 4KB of data |
| Storage format | Stores data in binary or encrypted form | Stores data as text files |
| Security | Data stored in encrypted form can only be decrypted at the server | Less secure than a session. Stored data can be read by anyone with unauthorized access |

Most websites save session IDs as cookies, and such cookies are called session cookies because they last for a session. Unlike other cookies, session cookies are never stored on your device.
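The split described above, as an added example that is not from the original page: the session data stays in a server-side store and the cookie carries only a random ID, while a preference cookie carries its value in clear text with a fixed lifetime. The function names, the `sid` cookie name and the in-memory `SESSIONS` store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # hypothetical in-memory server-side store: session ID -> data


def start_session(user_data):
    """Keep the data on the server; return a Set-Cookie value holding only the ID."""
    sid = secrets.token_urlsafe(32)      # unguessable random identifier
    SESSIONS[sid] = dict(user_data)
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["path"] = "/"
    c["sid"]["httponly"] = True          # not readable by page scripts
    c["sid"]["secure"] = True            # only sent over HTTPS
    c["sid"]["samesite"] = "Lax"
    # No Expires/Max-Age attribute: the browser drops it when the session ends.
    return c["sid"].OutputString()


def remember_preference(name, value, days=30):
    """Persistent cookie: the value itself travels to and lives on the client."""
    c = SimpleCookie()
    c[name] = value
    c[name]["path"] = "/"
    c[name]["max-age"] = days * 86400    # expires after a specified duration
    return c[name].OutputString()


def load_session(cookie_header):
    """Resolve the ID from a request's Cookie header; unknown IDs get nothing."""
    c = SimpleCookie()
    c.load(cookie_header)
    morsel = c.get("sid")
    return SESSIONS.get(morsel.value) if morsel else None


def end_session(cookie_header):
    """Logout: delete the server-side record so the ID becomes useless."""
    c = SimpleCookie()
    c.load(cookie_header)
    if "sid" in c:
        SESSIONS.pop(c["sid"].value, None)


if __name__ == "__main__":
    # Constructed sample data
    print(start_session({"user": "alice@example.test"}))
    print(remember_preference("theme", "dark"))
```

Because the session record lives on the server, deleting it in `end_session` invalidates the ID immediately, even if a copy of the cookie is still held by a client.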