A session is essentially an instance of a user/clients interaction with a server.
The server can persist this unique "locker" of information for each client in a number of ways; in memory, files in a tmp/ directory, in a database etc...
Then, a cookie is stored within a client/your browser that has the servers session_id written to it automatically. You would then store a user ID in this cookie upon successful login for example.
From there, you can look up the user by ID once they close their browser and re-visit, without the user having to re-auth.
Let me know if I'm missing anything. This is a great article that I stole the "locker" term from: machinesaredigging.com/2013/10/29/...
We’re a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.