Session vs. Cookie

Session files are stored on the server, while the file that stores a cookie is kept on the client. It is therefore not safe to rely on the cookie alone for authentication, because users can change the cookie file. Users can't change the session files on the server. If the folder that holds the session files is configured so that it can't be accessed through the web, it will be safer.

Still, Session can't replace Cookie. A cookie can store the session lifetime and the session ID. Using Session and Cookie together works very well for authentication.
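The contrast described above, as an added example that is not from the original post: one function trusts identity data stored in the cookie, the other uses the cookie only to carry a session ID and reads the identity from server-side state. The `SessionStore` class, the `sid` and `user` cookie names, and the 30-minute lifetime are assumptions made for illustration; the in-memory dict stands in for the server's session files.

```python
import secrets
import time

SESSION_LIFETIME = 1800  # seconds; assumed value for this example

class SessionStore:
    """Server-side session data keyed by an unguessable ID."""
    def __init__(self):
        self._data = {}  # stand-in for session files on the server

    def create(self, username, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # random ID, carries no user data
        self._data[sid] = {"user": username, "expires": now + SESSION_LIFETIME}
        return sid

    def lookup(self, sid, now=None):
        now = time.time() if now is None else now
        rec = self._data.get(sid)
        if rec is None:
            return None              # unknown or tampered ID
        if rec["expires"] <= now:
            del self._data[sid]      # lifetime is enforced on the server
            return None
        return rec["user"]

def parse_cookie(header):
    """Parse a 'name=value; name2=value2' Cookie header into a dict."""
    out = {}
    for part in header.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def user_from_cookie_only(header):
    # Weak design: identity is read straight from client-controlled data.
    return parse_cookie(header).get("user")

def user_from_session(store, header, now=None):
    # Cookie carries only the session ID; identity comes from the server.
    sid = parse_cookie(header).get("sid")
    return store.lookup(sid, now) if sid else None
```

With the second design, editing the cookie can at most produce an ID the server does not recognise, and an expired session is rejected regardless of what the cookie says.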

The next blog post is my note about using Session and Cookie together for authentication.
