What is the difference between Sessions and Cookies

7

What's the difference between Sessions and Cookies? In what circumstances should I use each?

    
asked by anonymous 25.02.2016 / 15:48

2 answers

8

Cookies

In a very simplified way, cookies are small pieces of data sent by the Web server to a client, so that the client returns the same data in the following request(s).

When to use? Basically when you need a small piece of data that is returned by the client in the following requests, whether it is mere information that the user has already seen an annoying popup, or an inhibitor so that a new visit is not counted.

Cookies are generally not reliable. They can be stored for days, or the client may simply not accept them (not actually return or record the data), or the user can even modify this data.

As the question is a comparison between two distinct things, I will not go into deep details of what a Cookie is, but here is some more information:

Cookie Usage Guidelines


Sessions

"Sessions", probably in the intended context of the question, are usually related to keeping user data in an application, even when the user changes pages.

By nature, Web applications are made up of pages totally independent of one another. Occasionally some pages may send information to the following ones, for example through forms, as query parameters (GET method), or in the request body (POST method).

In addition, more modern applications make AJAX requests, which are similar to GET, POST and other methods, but without leaving the page.

These techniques alone are somewhat limited for maintaining more complex state, such as a shopping cart, or for knowing whether the user has logged in to a system, hence the concept of sessions.

The question refers to C#, but going back to the "beginnings" of web applications, for example with classic ASP, sessions were used in basically two ways: either by including a "special number" in all links and forms, which identified that user by carrying the information to the following pages, and/or by using Cookies. The techniques remain similar even today, regardless of the language used.

In more complex cases, one can validate whether the user's browser always identifies itself the same way, or whether the IP of each request is always the same; each technique has its advantages and disadvantages.

What matters in this context is that, when a new page is requested, the server knows that there is a continuity between previous requests made by the same user.

How does the session in web browsers work

What is the difference, in practice, between Session and Application?

How to manage Session in C# desktop and non-web applications?

    
25.02.2016 / 16:08
3

A cookie is a storage mechanism for your client-side variables. It is physically stored on the client computer by the browser. Different users on the same computer can read/use the same cookie.

Because of this (some comments):

  • You should not store sensitive data in the cookie.
  • You should not store data that belongs to a user account.
  • The cookie has no effect on server resources.
  • The cookie expires on the date you specify.

The Session is also a storage mechanism for your variables, but server-side. By default, the session stores its data in server memory. But you can configure it to store the data in SQL Server, for example. The same user can run two or more browsers and each browser has its own session.

That is:

  • You can save sensitive data in session.
  • You should not save everything in the session, which is a waste of server resources.
  • After the user closes the browser, the timeout will erase all information. By default, this time is 20 minutes.

The circumstance of use will depend on your scope and what you will store ...

    
25.02.2016 / 16:07
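The mechanism both answers describe (a "special number" carried in a cookie, with the variables kept server-side and erased after a 20-minute idle timeout), as an added example that is not part of either answer. It is written in Python only for illustration, since the technique is language-independent; the cookie name `sid`, the `SessionStore` class and `set_cookie_header` are hypothetical names, and the in-memory dict stands in for the default server-memory store.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_TIMEOUT = 20 * 60  # seconds; the 20-minute default mentioned above
COOKIE_NAME = "sid"        # hypothetical cookie name (assumption)

class SessionStore:
    """Server-side variables keyed by an unguessable identifier."""

    def __init__(self, clock=time.time):
        self._data = {}      # sid -> (last_seen, dict of session variables)
        self._clock = clock

    def create(self):
        sid = secrets.token_urlsafe(32)  # the "special number", from a CSPRNG
        self._data[sid] = (self._clock(), {})
        return sid

    def load(self, cookie_header):
        """Return the session dict for a request's Cookie header, or None."""
        jar = SimpleCookie()
        try:
            jar.load(cookie_header or "")
        except CookieError:
            return None                  # malformed header: treat as no session
        morsel = jar.get(COOKIE_NAME)
        entry = self._data.get(morsel.value) if morsel is not None else None
        if entry is None:
            return None                  # missing, unknown or modified id
        last_seen, values = entry
        if self._clock() - last_seen > SESSION_TIMEOUT:
            del self._data[morsel.value] # idle too long: erase server-side data
            return None
        self._data[morsel.value] = (self._clock(), values)  # sliding timeout
        return values

def set_cookie_header(sid):
    """Set-Cookie value: only the opaque id ever reaches the client."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = sid
    for attr, val in (("httponly", True), ("secure", True),
                      ("samesite", "Lax"), ("path", "/")):
        jar[COOKIE_NAME][attr] = val
    return jar[COOKIE_NAME].OutputString()
```

Because the cookie holds only the identifier, a user who edits it gets no session at all rather than different data; anything placed directly in a cookie has no such protection.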