Difference between cookies and session

We use both Session and Cookies to maintain state between the page postbacks. We can achieve state management using 2 ways.

1. Client Side Technique: (using hidden fields, query string,view state and Cookies)

2. Server Side Technique: (using Session and Application)

Cookies will store data in client side either in browser or
in system hard disk.

Session will allocates memory in the web server and for every user server will allocates memory. So Session is per user based. You can refer the link

Difference between session,viwestate and cookies?[^]

Hi..
Sessions

Sessions are stored per-user in memory(or an alternative Session-State) on the server. Sessions use a cookie(session key) to tie the user to the session. This means no "sensitive" data is stored in the cookie on the users machine.

Sessions are generally used to maintain state when you navigate through a website. However, they can also be used to hold commonly accessed objects. Only if the Session-state is set to InProc, if set to another Session-State mode the object must also serializable.

Session["userName"] = "EvilBoy";

if(Session["userName"] != null)
  lblUserName.Text = Session["userName"].ToString();

Cookies

Cookies are stored per-user on the users machine. A cookie is usually just a bit of information. Cookies are usually used for simple user settings colours preferences ect. No sensitive information should ever be stored in a cookie.

You can never fully trust that a cookie has not been tampered with by a user or outside source however if security is a big concern and you must use cookies then you can either encrypt your cookies or set them to only be transmitted over SSL. A user can clear there cookies at any time or not allow cookies altogether so you cannot count on them being there just because I user has visited your site in the past.

//add a username Cookie
Response.Cookies["userName"].Value = "EvilBoy";
Response.Cookies["userName"].Expires = DateTime.Now.AddDays(10);
//Can Limit a cookie to a certain Domain
Response.Cookies["domain"].Domain = "codeproject.com";

//request a username cookie
if(Request.Cookies["userName"] != null)
   lblUserName.Text = Server.HtmlEncode(Request.Cookies["userName"].Value);

hope this helps ..:) :)

I think you will get more answers here

diff between cookies and sessions[^]
regards...:)

Hi...
The main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for.
A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie. The trouble is that a user can block cookies or delete them at any time. If, for example, your website's shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.

Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

You can of course get the best of both worlds! Once you know what each does, you can use a combination of cookies and sessions to make your site work exactly the way you want it to.
Thank U.

Both are state management techniques (used to maintain the state of the application since http is a stateless protocol). There are two types of state management techniques i.e. client-side and server-side state management techniques. The following are some of the differences:

Cookie:
1. Client-side state management technique, stored in on client's browser.
2. Can store text data.
3. Not suggestible for storing critical information.
4. Cookie doesn't have a self-expiry.

Session:
1. Server-side state management technique, stored in server.
2. Can stored an object.
3. Can be used for storing critical information.
4. Session expires after 20 mins by default or defined in web.config file.