DEV Community

Cover image for Sessions or Cookies?

Sessions or Cookies?

Enakshi Pal on June 11, 2021

Are you aware of the term ‘Session’? Let me guess! A session according to you might be, a period devoted to a particular activity, right? You are r...
Collapse
 
nicolus profile image
Nicolus

Hi, thanks for the article !
I think a few things could be clarified though :

As @vishalraj82 pointed out, sessions actually use cookies, the way session works is that they generated a unique identifier, store some data with this identifier on the server, and then store the identifier in a session cookie. That way whenever the browser makes a request it will give back the cookie, and the server can now which session corresponds to this user. You explained the concept in the article, but without mentioning that the way the id is store is in a cookie, which I think is a really important thing to know.

Also it means that :

Sessions maintains your information until you are on the particular web page. Once you close it, the session is being destroyed.

This is true in most cases, but it's not necessarily the case : A session maintains your information until it expires on the server (which is usually a predefined number of minutes since the last request with this particular session) or until the cookie expires in the browser. You could store your session id in a permanent cookie and make it so it never expires on the server if you really wanted to.

And that

Whereas, you (the user) cannot disable or enable sessions whenever you want.

Is wrong : If you delete all your cookies this will disable the session. The data will still exist on the server, but since it has no way to link it to your browser it's become useless.

Antother point is that :

Since HTTP is a stateless protocol, it does not keep track about the past or future commands. So, sessions here, play an important role for the servers to maintain the session state.

I would argue that as soon as you use cookies HTTP can be considered stateful, since the information contained in the cookies is sent back with every request. Cookies allow you to make a stateful app just as much as sessions

Collapse
 
vishalraj82 profile image
Vishal Raj

@nicolus Nice insights. @enakshi_pal Hope you find these useful.

Collapse
 
enakshi_pal profile image
Enakshi Pal

Yes. Thank you all for simplifying it! :)

Collapse
 
youpiwaza profile image
max

Yup, pretty nice corrections overall :)

Collapse
 
enakshi_pal profile image
Enakshi Pal

Hey! Thanks for the insights. Got more clarity on this. :)

Collapse
 
galviner profile image
galviner

Sweet and simple I like it!
my game: cookie clicker

Collapse
 
enakshi_pal profile image
Enakshi Pal

Hey, thanks! I am glad you liked it! :D

Collapse
 
joyjit43 profile image
JOYJIT43

Very helpful for a layman to understand the complex concepts in simple words!!!
Thank you so much!

Collapse
 
enakshi_pal profile image
Enakshi Pal

Thank you. I am glad you liked my blog! :)

Collapse
 
vishalraj82 profile image
Vishal Raj

@enakshi_pal Nice article. Just quick info that even with sessions, an identifier cookie is tagged along in each http request, so that sever can identify and match the session.

Collapse
 
enakshi_pal profile image
Enakshi Pal

Thanks for adding in! I am glad you liked it! :)

Collapse
 
bhavanaeh profile image
Bhavana

I've always been confused about the difference between sessions and cookies! Thanks for clarifying the difference in such simple terms :)

Collapse
 
enakshi_pal profile image
Enakshi Pal

Even I was confused until I penned it down :")
I am glad, you liked it. 😊

Collapse
 
enakshi_pal profile image
Enakshi Pal

Thanks! I am glad you liked it!