What is the difference between Session and cookie?
A session doesn't taste good and you don't get fat!
A session as you probably mean it is a server-side object which stores state. You use it in servlets to store and retrieve data. You keep hearing people saying HTTP is a stateless protocol, right? They mean when you load a page, you're finished as far as the web server is concerned. If you reload a page, the new request isn't associated in any way with the previous one.
A cookie is a small piece of information a browser sends to a server with every request.
Most servlet containers use a cookie to identify a session.
1) The user's browser requests a servlet.
2) The servlet container creates a session.
3) The servlet gives the session a unique ID.
4) The servlet sets a cookie in the browser with this ID.
5) Let's say the servlet then store's the user's name in
5) The user requests another servlet on the same server.
As part of the request, the cookie with the session ID
is sent back to the server.
6) Since the servlet container is told which session to use,
it make it available again.
7) So servlet #2 can retrieve the user's name, since we
put it in the session, and say, "Hi, Bob."
Ouch. Two #5's up there. Time for bed.
cookies are only simple text that is stored on the client with some useful data to identify subsequent requests from the client and help the server to serve the client efficiently. cookies can hold data like books bought during an http session until the session expires. if you could store the nature of these books (e.g. fiction, technology etc.) then this data could be used to know the browsing behaviour of the user.
Sessions are objects (not text files) that store data and regarding a particular session and help the servlets to transfer this data to other servlet invocation so that the WEB SERVER understands (or is made to understand) that these requests have come from the same client. e.g. HttpSession objects are used to store such information.
hope this helps