Loading, please wait...

A to Z Full Forms and Acronyms

What are the difference between Sessions and Cookies?

In this article, we study the differences between sessions and cookies in Asp.net.

Difference between Sessions and Cookies


Asp.net Session state is a state management technique to store and retrieve values for a while the user travels within the webpages of a web application or a website. Each time a user sends a request to the server, the server treats that request as a new request. So, we need to maintain the state of a user, so that the server recognizes the user. Each URL sent to the server contains an id known as session-id. This session id is used by the server to recognize the user. If the session id is different, every time a request occurs to the server that means different users are requesting.

We can declare a session state ‘variable as shown below:

Session[“UserName”]= “Rashmi”;

Here the session state variable name is “UserName” and we pass a value to it. The session state variables are declared as key-value pairs

An important point to note is that there are two events associated with a session i.e. Session_Start( ) and Session_End( ).

  • Session_Start( ) – This event is fired whenever a new user visits the application i.e. a new session is started.
  • Session_End( ) – This event is fired whenever a session of user times out.


Cookies represent a client-side state management technique in Asp.net. Cookies store the data in the cache memory of the client machine in a text file. For e.g. if we visit any website on the internet and our browser has enabled the cookies for that website then that website will implant a cookie in the client’s machine which preserves the data related to the user activity in the user’s machine.

A cookie can be created using an object of the ‘HttpCookie’ class and then we store the values in a cookie in key-value pair.

  • HttpCookie mycookie = new HttpCookie();
  • mycookie[“UserName”] = ”Manisha”;
  • mycookie[“Password”] = ”password”;
  • Cookies.Add(mycookie);

Cookies are of two types- Persistent cookie and Non-Persistent Cookie

  • Persistent Cookies are also termed as permanent cookies that do not expire and hence do not have an expiration time. The permanent cookies are stored in the hard disk of a computer permanently.
  • Non-Persistent Cookies are the temporary cookies that get expired when their duration times out and hence have an expiration time. The non-persistent cookies are also termed as in-memory cookies and session-based cookies.

Difference between Cookies and Session



Cookies are the text files that store the user data and information on the client-side.

A session refers to a state management technique that stores the user data and information on the server-side.

A cookie stores the information until they deleted from the browser.

A session stores the data until the session is alive. As soon as we close the browser, the session is terminated and the data is lost.

A cookie expired depending on the lifetime we set for it.

A session expires as soon as we close the browser.

A cookie stores the data for future reference.

A session is not able to store the data for future reference because when the browser is closed, the session is timed out.

Cookies are independent of any session.

A session depends on a cookie.

Cookies can only store strings.

Sessions can store any type of data.

We use cookies in certain specific conditions keeping in mind the security reasons.

We use sessions for all the conditions or situations

Cookies do not have any id. They are the way to transmit session ids by default.

Every session is identified by unique session id.

Cookies stores the data in text format so it is not secure at all.

The session is secure because it is stored in binary format and transparent from the user.

There is a size limit for cookies data i.e. 4 KB. And also, most of the browsers limit the number of cookies to 20.

Sessions can store any amount of data in the server memory.








A to Z Full Forms and Acronyms

Related Article