🍪 Cookies and Sessions (Web Engineering)

---

📌 1. Definition

🍪 Cookies

A cookie is a small piece of data stored in the user’s browser by a website to remember information about the user.

🔐 Sessions

A session is a server-side mechanism used to store user data temporarily on the server during a user’s interaction with a website.

---

🎯 2. Key Difference Idea

Cookies → Stored in Browser (Client-side)
Sessions → Stored on Server (Server-side)

---

🍪 3. Cookies

---

📌 3.1 How Cookies Work

Browser → Request → Server
Server → Sends Cookie → Browser stores it
Next request → Cookie sent back automatically

---

🧠 3.2 Characteristics of Cookies

• Stored in browser
• Small size (about 4KB)
• Can expire
• Sent with every HTTP request

---

⚙️ 3.3 Types of Cookies

1. Persistent Cookies

• Stored for a long time
• Have expiration date

2. Session Cookies

• Deleted when browser closes

---

💡 3.4 Example (PHP Cookie)

setcookie("user", "Ali", time() + 3600);

---

📈 3.5 Advantages of Cookies

• Remember user preferences
• Faster login experience
• Personalized content

---

❌ 3.6 Disadvantages of Cookies

• Security risks
• Limited storage
• Can be deleted by user

---

🔐 4. Sessions

---

📌 4.1 How Sessions Work

User → Login → Server creates Session ID
Server stores data → Browser stores Session ID only

---

🧠 4.2 Characteristics of Sessions

• Stored on server
• More secure than cookies
• Ends when user logs out or times out
• Uses Session ID

---

⚙️ 4.3 Example (PHP Session)

session_start();
$_SESSION["user"] = "Ali";

---

📈 4.4 Advantages of Sessions

• More secure
• Stores large data
• Controlled by server

---

❌ 4.5 Disadvantages of Sessions

• Uses server memory
• Can slow down server with many users
• Ends after timeout

---

🔄 5. Cookies vs Sessions (Very Important)

Feature	Cookies 🍪	Sessions 🔐
Storage	Browser	Server
Security	Less secure	More secure
Size	Small (4KB)	Large
Expiry	Can be set	Ends on logout/time
Speed	Faster	Slightly slower
Control	Client-side	Server-side

---

📊 6. Working Diagram (Exam Use)

Cookies:
User ↔ Browser ↔ Server

Sessions:
User ↔ Browser (Session ID) ↔ Server (Stores Data)

---

⚠️ 7. Important Points

✔ Cookies store user preferences ✔ Sessions store sensitive data ✔ Cookies are less secure ✔ Sessions are more secure ✔ Both are used for state management in HTTP (stateless protocol)

---

🧠 8. Why Needed?

👉 HTTP is stateless, meaning it does not remember users. ✔ Cookies and Sessions solve this problem.

---

❓ 9. Likely Exam Questions

Short Questions

1. What are cookies?
2. Define session.
3. Difference between cookies and sessions.
4. What is session ID?
5. What is the use of cookies?

Long Questions

6. Explain cookies with example.
7. Explain sessions with example.
8. Compare cookies and sessions in detail.
9. How do cookies and sessions manage state in web applications?
10. Discuss advantages and disadvantages of cookies and sessions.

---

📝 10. Summary / Quick Revision

• Cookies = stored in browser
• Sessions = stored on server
• Used for state management
• Cookies: faster but less secure
• Sessions: secure but use server resources

👉 Both are essential for login systems, user tracking, and personalization in web applications.

---