Both cookies and sessions are available in any type of programming language like ASP.NET, and both accomplish much the same task of storing data across pages on your site. However, there are differences between the two that will make each favourable in their own circumstance.
A cookie is a small amount of data that is stored either in a text file on the client file system or in-memory in the client browser session. It contains site-specific information that the server sends to the client along with page output. Cookies can be temporary (with specific expiration times and dates) or persistent.
Cookies are saved on the client device and when the browser requests a page, the client sends the information in the cookie along with the request information. We do not store sensitive information in the cookies
We can write cookies in C# as follows :
0 1 2 | Response.Cookies["country"].Value = "CA"; Response.Cookies["country"].Expires = DateTime.Now.AddDays(1); |
Session is maintained on the server and with this server-based state management, we can decrease the amount of information sent to the client in order to preserve state, however it can use costly resources on the server. Session is scoped to current browser session and each user session will have a different session. As we leave the browser then that user session will be expired immediately. In .NET, We can opt different session state mode in web.config to store session values.
0 1 2 | Session["FirstName"] = FirstNameTextBox.Text; Session["LastName"] = LastNameTextBox.Text; |
So in summary, these are the main differences: 1. Cookies are stored on client machine and Session is stored on server. 2. Cookies can store only string data instead Session can store data and object and references also but only InProc mode.In other mode, Object should be serialized. 3. Cookies can be store limited size data instead of session can store huge data. 4. Cookies are performance efficient while session consumes server resource that’s why if there are lot of users then it would be less efficient. 5. Persistent type of cookie will be exist even after closing the browser while session ends on closing the browser. 6. Cookies are the least secure than session due to storing data at client machine. Difference between a session and a cookie in ASP.NET is a common question asked in interview