Sessions are a combination of a server-side cookie and a client-side cookie, with the client-side cookie containing nothing other than a reference to the correct data on the server. Thus, when the user visits the site, their browser sends the reference code to the server, which loads the corresponding data.
This may seem a bit clumsier than just having a client-side cookie with all your data in, but there are a few advantages:
Your server-side cookie can contain very large amounts of data with no hassle - client-side cookies are limited in size
Your client-side cookie contains nothing other than a small reference code - as this cookie is passed each time someone visits a page on your site, you are saving a lot of bandwidth by not transferring large client-side cookies around
Session data is much more secure - only you are able to manipulate it, as opposed to client-side cookies which are editable by all
It is also important to note that sessions only last till the user closes their browser, whereas cookies can be configured to last longer. However, other than the above, there is not much difference between session data and cookie data for most purposes.
Next chapter: Choosing the appropriate option >>
Previous chapter: Cookies
Home: Table of Contents
Copyright ©2015 Paul Hudson. Follow me: @twostraws.