Sessions And Cookies


HTTP cookies are an HTTP protocol feature that lets a site keep a key-value pair in the browser. Use cookies as identifying tokens for users or for encrypted authentication data, so you can track users through a site. Cookies are created on the server and sent as a response header, then cached by the browser and sent back as a request header on each request. Cookie data is not secure and can be inspected, so don't store sensitive data in cookies unless it is encrypted.


A session is a server-side state mechanism that stores key-value pairs in a table row on the server. Sessions use cookies to track a user: a single cookie value holds an ID that points to a session record on the server. You can save values on the server and restore them on subsequent hits, which allows you to identify a specific user as she moves through the site. Sessions can store larger blocks of data, but data is always serialized to a string, so complex data needs to be stored as JSON or XML.

Cookie and Session Lifetime

By default, sessions and cookies both last for the duration of the browser session, but both can be overridden to set an explicit timeout. The cookie and session in this sample use the default. To demonstrate, close this browser instance and reload this page in a new instance of the browser (or another browser), and you should see the count start over.

Cookies span browser tabs and multiple browser instances of the same browser. If you open this page in another browser tab, the name and page count will continue to show up.
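
The following added example (not the code behind this page's sample) shows the mechanism described above in Python: the cookie carries only a random session ID, while the name and page count live in a server-side record serialized as JSON. The cookie name `session_id`, the in-memory `SESSIONS` dict standing in for the session table, and the `handle_request` function are assumptions made for illustration.

```python
import json
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "session_id"  # hypothetical cookie name
SESSIONS = {}               # session id -> JSON string (stands in for the server-side table row)

def handle_request(cookie_header, name=None, max_age=None):
    """Process one hit. Returns (Set-Cookie value or None, session data dict)."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
    set_cookie = None
    if sid not in SESSIONS:
        # Missing or unknown ID: never adopt a client-supplied value, mint a fresh one.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = json.dumps({"name": None, "count": 0})
        out = SimpleCookie()
        out[COOKIE_NAME] = sid
        out[COOKIE_NAME]["path"] = "/"
        out[COOKIE_NAME]["httponly"] = True   # not readable from page script
        out[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
        out[COOKIE_NAME]["samesite"] = "Lax"
        if max_age is not None:
            # Explicit timeout in seconds; without it the cookie lasts
            # only for the browser session (the default described above).
            out[COOKIE_NAME]["max-age"] = max_age
        set_cookie = out[COOKIE_NAME].OutputString()
    # Session values are stored as a string, so complex data goes through JSON.
    data = json.loads(SESSIONS[sid])
    data["count"] += 1
    if name is not None:
        data["name"] = name
    SESSIONS[sid] = json.dumps(data)
    return set_cookie, data

if __name__ == "__main__":
    header, data = handle_request(None, name="Ana")   # first hit, no cookie yet
    print("Set-Cookie:", header)
    print(data)
    # The browser returns only the name=value pair on the next request.
    print(handle_request(header.split(";")[0])[1])
```

The browser only ever sees the opaque ID; the name and count never leave the server, which is what separates session storage from putting the values in the cookie itself.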