Cookies Vs. Sessions

Before we learn how to create cookies and sessions it is important to understand the difference between these two similar (and yet very different) methods of storing information. And before we begin to explain that, let's get one very important detail out of the way; the kind of cookies that we will be discussing are no more edible than my keyboard. (And yes, my keyboard is plastic.)

The basic task of both cookies and sessions is to store visitor data so that it can be accessed by every page on a website. This data is usually provided by the visitor and used to customize the experience, including their visit statistics, identity, setting and/or preferences, etc.

Cookies are small files that are stored in the visitor's browser.
Cookies can have a long lifespan, lasting months or even years.
Cookies are limited in size depending on each browser's default settings.
Cookies can be disabled if the visitor's browser does not allow them (uncommon).
Cookies can be edited by the visitor. (Do not use cookies to store sensitive data.)

Sessions are small files that are stored on the website's server.
Sessions have a limited lifespan; they expire when the browser is closed.
Sessions are only limited in size if you limit their size on the server.
Sessions cannot be disabled by the visitor because they are not stored in the browser.
Sessions cannot be edited by the visitor.

In short, cookies serve as a temporary or long-term storage unit on the visitor's computer that should not contain sensitive information, and sessions serve as a temporary storage unit not on the visitor's computer that can hide sensitive information. For most tasks I find it efficient to use sessions and cookies together.

By giving each visitor a cookie with a unique ID, I can use that cookie to recognize each visitor when they return. I can then use sessions to handle the page-to-page data exchange that actually provides each visitor with their customized settings and information, which are provided by each visitor and stored in a database until they are reference by the unique ID stored in the cookie.

Now that's wasn't too hard to swallow, was it? But, now that you know the difference between sessions and cookies, feel free to skip over actually learning them, until you plan to use them... they are not yet vital knowledge.