Session vs Cookie

Session vs Cookie

Sessions are server-side files that contain user information, while Cookies are client-side files that contain user information. Sessions have a unique identifier that maps them to specific users. This identifier can be passed in the URL or saved into a session cookie.

Most modern sites use the second approach, saving the identifier in a Cookie instead of passing it in a URL (which poses a security risk). You are probably using this approach without knowing it, and by deleting the cookies you effectively erase their matching sessions as you remove the unique session identifier contained in the cookies.

For information on how to securely implement Session and Cookie Management, please refer to https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

http://stackoverflow.com/questions/359434/differences-between-cookies-and-sessions

Session vs Cookie

Leave a Reply

Your email address will not be published. Required fields are marked *