DEV Community

Sessions or Cookies?

Enakshi Pal ・4 min read

Are you aware of the term ‘Session’? Let me guess! A session, according to you, might be a period devoted to a particular activity, right? You are right! BUT…

Here we are going to discuss sessions in Computer Science. In Computer Science, the term ‘Session’ can be used in different contexts, such as the session layer, web sessions, connections, etc.
But here we will look into the sessions used in web applications.

Primarily, we know that cookies store the user's (our) information in the form of text on our computer. Sessions do the same BUT…

Sessions store the user's (our) information temporarily on the web server. Didn’t sound convincing?

Basically, a Web Session is a sequence of adjacent events or actions done by a visitor on a particular website within a given time frame.

We can think of sessions in an easier way: a session can be considered the time a visitor takes to browse a particular website. It represents the time interval between the user’s first arrival on the web page and the time when the user closes the site.
Fact: The developer who codes the website initializes the session and sets its time limit to around 5 minutes or shorter. So, a single session doesn’t last beyond a certain duration.

After all of this, you might be wondering about the whys, aren’t you?

Why do we need Web Sessions?

Because sessions store user data under a session ID, which is unique for every user. Now, you might be curious about where these sessions are stored.

Like cookies, are they also stored on the user’s hard disk (computer)?

No. These sessions are stored on the server side. But why servers?

Because, on the internet, the server doesn’t know you: the HTTP request sent to the server is stateless, i.e., it does not maintain the state (you could also say the time interval) of the user.

Let us understand this with a small example.

Let’s start from the moment you open your web page and search for an image. The moment you search for it, you send an HTTP request to the server for the image you searched for, via the URL shown at the top of the web page. Along with the HTTP request, you send your session ID to the server, telling it “Hello there, it’s me [Your Name]!”, so that the server recognizes you.

After the server receives both the request and the session ID, it verifies your session ID and then sends you back the session ID along with your desired output.

One interesting thing might amaze you now. Curious?

Did you know?

Sessions allow the server to manage session state.

Manage state? What does that even mean?

Since HTTP is a stateless protocol, it does not keep track of past or future commands. So sessions play an important role here, letting servers maintain the session state.

Let us discuss a small instance.

Suppose you suspect that somebody has logged in as you from another device: you got a notification in your mail, and within that time all the other sessions were invalidated, i.e., the “log me out everywhere” functionality worked. This happened because sessions have got your back!

Another instance is when you want to associate not only your shopping browser but also the shopping cart with another device: when you log in on the other device, you will find all your account information and shopping cart information intact.

All of this happened because sessions have got it again!

By now you might be thinking: if cookies could do the desired work, why do we need sessions?
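
The flow described above, as an added example that is not part of the original article: a small in-memory session store in Python that issues an unguessable session ID, hands it to the browser in a cookie, resolves it on each request, expires idle sessions, and revokes all of a user's sessions for "log me out everywhere". The names `SessionStore`, `sid` and `IDLE_TIMEOUT`, the 300-second idle limit and the cookie attributes are assumptions made for this illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 300  # seconds; assumed value, echoing the ~5 minutes mentioned above


class SessionStore:
    """Server-side session table: session ID -> user, data, last activity."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)   # unguessable ID from a CSPRNG
        self._sessions[sid] = {"user": user, "data": {}, "seen": self._now()}
        return sid

    def set_cookie_header(self, sid):
        # No Expires/Max-Age: the browser drops the cookie when it closes.
        c = SimpleCookie()
        c["sid"] = sid
        c["sid"]["httponly"] = True       # not readable from page JavaScript
        c["sid"]["secure"] = True         # only sent over HTTPS
        c["sid"]["samesite"] = "Lax"
        c["sid"]["path"] = "/"
        return c["sid"].OutputString()

    def lookup(self, cookie_header):
        """Return the session for a request's Cookie header, or None."""
        c = SimpleCookie()
        c.load(cookie_header or "")
        sid = c["sid"].value if "sid" in c else None
        sess = self._sessions.get(sid)
        if sess is None:
            return None                   # unknown, forged or revoked ID
        if self._now() - sess["seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]       # expired on the server side
            return None
        sess["seen"] = self._now()
        return sess

    def logout_everywhere(self, user):
        """Revoke every session of this user; returns how many were removed."""
        doomed = [s for s, v in self._sessions.items() if v["user"] == user]
        for sid in doomed:
            del self._sessions[sid]
        return len(doomed)
```

Only the random ID ever reaches the browser; the user name and any cart data stay in the server's table, which is why deleting the entry there ends the session no matter what cookie a device still holds.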

If both Sessions and Cookies are THIS similar then,
Where is the difference?

Okay so, let’s have a sneak peek into the differences now!

1. Storage: A website can store cookies on your computer’s hard disk,
whereas sessions are stored on the server side.

2. Time duration: A cookie maintains your information until you delete it from your computer,
whereas a session maintains your information as long as you are on the particular web page. Once you close it, the session is destroyed.

3. Disable or enable: You (the user) can disable or enable cookies whenever you want (for example, by clicking on ‘Accept Cookies’ on some websites). This can be done in the browser settings.
Whereas you (the user) cannot disable or enable sessions whenever you want.

A Fact that might amaze you is…

Sessions are also known as non-persistent cookies, because they are saved in your browser while the browser is running.

After unfolding all the facts, we can say that both sessions and cookies give their best. Despite all the easy aspects of sessions, we have to note that the more the sessions save, the more memory space they occupy.

Websites with more online users put pressure on the server memory, and as a result they rely on cookies.

As a whole, we need both sessions and cookies to make our browsing experience smoother.

Have a safe browsing experience!

Discussion (11)

Nicolas Bailly

Hi, thanks for the article!
I think a few things could be clarified though:

As @vishalraj82 pointed out, sessions actually use cookies. The way sessions work is that they generate a unique identifier, store some data with this identifier on the server, and then store the identifier in a session cookie. That way, whenever the browser makes a request it will give back the cookie, and the server can know which session corresponds to this user. You explained the concept in the article, but without mentioning that the way the ID is stored is in a cookie, which I think is a really important thing to know.

Also it means that :

"Sessions maintains your information until you are on the particular web page. Once you close it, the session is being destroyed."

This is true in most cases, but it's not necessarily the case : A session maintains your information until it expires on the server (which is usually a predefined number of minutes since the last request with this particular session) or until the cookie expires in the browser. You could store your session id in a permanent cookie and make it so it never expires on the server if you really wanted to.

And that

"Whereas, you (the user) cannot disable or enable sessions whenever you want."

Is wrong : If you delete all your cookies this will disable the session. The data will still exist on the server, but since it has no way to link it to your browser it's become useless.

Another point is that:

"Since HTTP is a stateless protocol, it does not keep track about the past or future commands. So, sessions here, play an important role for the servers to maintain the session state."

I would argue that as soon as you use cookies HTTP can be considered stateful, since the information contained in the cookies is sent back with every request. Cookies allow you to make a stateful app just as much as sessions

Vishal Raj

@nicolus Nice insights. @enakshi_pal Hope you find these useful.

Enakshi Pal Author

Yes. Thank you all for simplifying it! :)

max

Yup, pretty nice corrections overall :)

Enakshi Pal Author

Hey! Thanks for the insights. Got more clarity on this. :)

Rohit Diwansingh Kanyal

Sweet and Simple I like it!

Enakshi Pal Author

Thanks! I am glad you liked it!

Bhavana

I've always been confused about the difference between sessions and cookies! Thanks for clarifying the difference in such simple terms :)

Enakshi Pal Author

Even I was confused until I penned it down :")
I am glad, you liked it. 😊

Vishal Raj

@enakshi_pal Nice article. Just a quick note that even with sessions, an identifier cookie is tagged along in each HTTP request, so that the server can identify and match the session.

Enakshi Pal Author

Thanks for adding in! I am glad you liked it! :)
