Exploring the Distinctions: Sessions vs. Cookies in Web Development

Web Development Essentials: Navigating Cookies and Sessions

Overview

Cookies and sessions are created to store information about a website user. HTTP is a stateless protocol: it treats each request as independent of every other. Cookies and sessions maintain state across requests so that, when a user sends a request to the server, the server can recognize that user and return the user-specific information and preferences. They also give internet users a more convenient browsing experience.

Introduction

A cookie is a small text file that stores information about a website user. Cookies are usually saved on the user's computer, and their maximum size is 4 KB, so they are very small. When a user visits or interacts with a website, data packets are sent to the computer in the form of a cookie.

“The information stored in cookies is in a text format, hence making it less secure”

Anyone with access to your browser can see its cookies, which makes it easy for an attacker to read or alter a user's information. Users can disable or allow cookies in their browser settings whenever they want to.

Why do we use cookies?

Cookies are used to remember a specific user: each time the user sends a request to the server, the server recognizes which user sent it and returns that user's information and preferences, which are then stored on the user's local machine as a cookie.

Let's say you visit YouTube. You watch five videos on football greats (say, Cristiano Ronaldo). The next time you visit YouTube, it shows you related videos about Cristiano Ronaldo on your homepage. Why did that happen? Because of the cookies stored in your browser.

Types of cookies

Session Cookies

Session cookies last only as long as the user is interacting with the website. When the user quits or closes the browser, the browser automatically deletes them. They remain in the browser only while we are engaging with the website and expire when there is no engagement from the user (an idle timeout, usually set on the server).

Persistent Cookies

Persistent cookies are used to track the activity of a specific user. They stay in the browser even when the user has had no session for a long time. When the user sends a request, the value originally set in the cookie is sent back to the server. This lets the server keep specific information about the user, such as how the user first arrived at the website and the user's preferences. They are also called tracking cookies.

Third-Party cookies

Third-party cookies are set by a different web address or domain than the one the user is visiting. They are mainly used by advertising agencies, especially those looking to gather information on users of a particular product or service.

HTTP Cookies

HTTP cookies are sent by the server in response to a user's request purely to identify the user making that request.
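As an added example (not code from the original article), the functions below build Set-Cookie header values with the attribute names defined in RFC 6265, parse the Cookie header a browser sends back, and sort a cookie into the kinds described above (session vs. persistent, first-party vs. third-party). The host names are constructed samples, and the same-site check is a deliberate simplification.

```javascript
// Added example (not code from the original article): build Set-Cookie header
// values with RFC 6265 attribute names and sort them into the kinds described
// above. Host names used in the comments and tests are constructed samples.

// Omit maxAgeSeconds for a session cookie (dropped when the browser closes);
// set it for a persistent cookie. Secure, HttpOnly and SameSite=Lax are on by
// default so page scripts cannot read the cookie and it is never sent over
// plain HTTP or with most cross-site requests.
function buildSetCookie(name, value, opts = {}) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAgeSeconds !== undefined) parts.push(`Max-Age=${opts.maxAgeSeconds}`);
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.secure !== false) parts.push('Secure');
  if (opts.httpOnly !== false) parts.push('HttpOnly');
  parts.push(`SameSite=${opts.sameSite || 'Lax'}`);
  return parts.join('; ');
}

// Parse the Cookie request header ("sid=abc; theme=dark") into an object.
function parseCookieHeader(header) {
  const out = {};
  for (const pair of (header || '').split(';')) {
    const i = pair.indexOf('=');
    if (i < 0) continue;
    const k = pair.slice(0, i).trim();
    if (k) out[k] = decodeURIComponent(pair.slice(i + 1).trim());
  }
  return out;
}

// Simplification: two hosts are the same site when their last two labels
// match. Real browsers consult the Public Suffix List instead.
function sameSite(a, b) {
  return a.split('.').slice(-2).join('.') === b.split('.').slice(-2).join('.');
}

// settingHost sent the Set-Cookie header; pageHost is the site in the address
// bar. Returns e.g. "first-party session" or "third-party persistent".
function classifyCookie(setCookie, settingHost, pageHost) {
  const attrs = setCookie.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const persistent = attrs.some((a) => a.startsWith('max-age=') || a.startsWith('expires='));
  const party = sameSite(settingHost, pageHost) ? 'first-party' : 'third-party';
  return `${party} ${persistent ? 'persistent' : 'session'}`;
}
```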

Session

A session is a data file created to store information for the server's use. It usually begins when a user logs into a web application and ends when the user logs out or exits the application. Session variables store our data in binary format on the server, which makes our information more secure. If the user logs out or shuts down their computer, the session variables for that user are automatically deleted.

Why do we use sessions?

They are used as an alternative in browsers that do not allow cookies, and they store information more securely on the server, where it cannot be tampered with.

What makes up a session?

  • Server-side:

    The server side is where sessions are managed and stored, keyed by a session ID (a unique identifier for the user who started the session). The server handles each user's request and returns the session ID to the user's browser as a cookie; the session record it refers to holds the user-specific information and preferences.

  • Session ID:

    Session IDs are unique identifiers for each user who starts a session. They help the server recognize a specific user's session, and they can also be stored in a database. Let's say you are in a school where different activities are going on and you are told to join one. You pick an activity and are given a unique piece of sportswear for it. The school is the server, the individual activity is the web domain or address, and the unique sportswear is your session ID.

  • Session Variables:

    Session variables hold data that is maintained across subsequent web pages. With session variables, a user's specific information is kept and preserved from page to page as the user interacts with the web application. They are destroyed when the user closes the browser window or when the maximum lifespan set for the session is exceeded.

Differences between Sessions and cookies

  • Cookies are smaller, holding up to 4 KB. Sessions are bigger and can hold up to 128 MB.

  • Sessions are destroyed when the user closes the browser tab or logs out of the application, while cookies can last a long time, depending on the lifespan set for them.

  • Sessions store data in a binary format, which makes them far more secure. Cookies store data in text format, which can be altered or manipulated if an attacker gains access to the user's computer.

  • A session is started by calling a function on the server, while cookies are simply stored on the user's machine and do not require one.

Creation of Cookies and Sessions

The diagram below illustrates how sessions and cookies are created over the HTTP protocol.

Conclusion

We looked at how sessions differ from cookies and how each is used to provide a good browsing experience. Sessions and cookies are both fundamental tools for managing user data in web applications, but they serve distinct purposes. Sessions are server-side storage mechanisms that maintain user data for the duration of a user's visit, providing security and persistence. Cookies, on the other hand, are client-side text files that store small pieces of data, often for extended periods, enabling features like persistent logins and user tracking. Understanding these distinctions helps web developers make informed decisions about which tool best suits their needs in creating efficient and secure web experiences.