Cookie

Cookie is a client side storage of your variables. It stored on client machine by browser physically. It's scope is machine wide. Different users at same machine can read same cookie.

• You should not store sensitive data on cookie.Not suggestible for storing critical information.
• You should not store data that belongs to one user account.
• Can store text data.
• Cookie expires at specified date by you.
• We can disable cookies
• Since the value is string there is no security
• Due to cookies network traffic will increase.Size of cookie is limited to 40 and number of cookies to be used is restricted to 20.

Session

Session is a server side storage of your variables. Default, it stored on server's memory. But you can configure it to store at SqlServer. It's scope is browser wide. Same user can run two or more browsers and each browser has it's own session.

• You can save sensitive data in session.Can be used for storing critical information.
• You should not save everything in session. it's waste of server resources.
• Can stored an object.
• After user closes browser, session timeout clears all information. (default is 20 minutes)
• we cannot disable the sessions.Sessions can be used without cookies also(by disabling cookies)
• The disadvantage of session is that it is a burden/overhead on server
• There is no limitation on size or number of sessions to be used in an application