Cookies and sessions turned out to be like this

cookie

A cookie is simply a small piece of text information. When the client sends requests to the server, the client keeps a record of the cookie's content.

A session is another mechanism for recording client state information. Unlike cookies, a session stores its information on the server side.

In layman's terms, cookies and sessions can be understood this way: using cookies is like issuing a pass to each user. The browser does not know who you are, but it recognizes the pass. A session is like taking the customer's information and looking it up in the server's "customer registration form" to see whether a record exists; if it does not, the record must be created again.

Cookies and sessions are stored in the browser and on the server respectively. Storing too much information puts pressure on the browser and the server, slows things down, and takes up memory, so in general neither cookies nor sessions hold much content. Some specifications say a single cookie must not exceed 4k. In the session mechanism, a session is cleared if the user has not used it for a long time, that is, the login is inactive. To keep a cookie valid for a long time, you need to set the cookie's validity period; otherwise the cookie is considered invalid once you close the page.

Finally, cookies are not particularly secure, because a user's cookie information can be stolen through the browser and used for cookie spoofing. For that reason sessions are generally used. It is usually better still to use cookies and sessions together: store the session-id in the cookie. Each time you check whether the user is logged in, compare the session-id in the cookie with the information in the session. If it is the same user, they are logged in; otherwise they have to log in again.
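The combined scheme described above, as an added example that is not code from the original post: the cookie carries only a random session-id, and the user record and inactivity timeout live on the server. The names `SessionStore`, `COOKIE_NAME` and `IDLE_TIMEOUT`, the 30-minute value, and the `HttpOnly`/`Secure`/`SameSite` attributes are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "session-id"
IDLE_TIMEOUT = 1800  # assumed: seconds of inactivity before a session is cleared


class SessionStore:
    """Server-side 'registration form': session-id -> user record."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self._idle_timeout = idle_timeout
        self._clock = clock

    def login(self, username):
        """Create a session and return the Set-Cookie header value."""
        sid = secrets.token_urlsafe(32)  # unguessable id, carries no user data
        self._sessions[sid] = {"user": username, "last_seen": self._clock()}
        cookie = SimpleCookie()
        cookie[COOKIE_NAME] = sid
        morsel = cookie[COOKIE_NAME]
        morsel["httponly"] = True  # page scripts cannot read the cookie
        morsel["secure"] = True    # only sent over HTTPS
        morsel["samesite"] = "Lax"
        morsel["path"] = "/"
        # No Max-Age/Expires is set, so the browser drops it when it closes.
        return morsel.OutputString()

    def current_user(self, cookie_header):
        """Return the logged-in user for a Cookie header, or None."""
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        if COOKIE_NAME not in cookie:
            return None
        sid = cookie[COOKIE_NAME].value
        record = self._sessions.get(sid)
        if record is None:
            return None  # unknown or forged id: log in again
        now = self._clock()
        if now - record["last_seen"] > self._idle_timeout:
            del self._sessions[sid]  # inactive too long: session is cleared
            return None
        record["last_seen"] = now  # activity keeps the session alive
        return record["user"]
```

Because the cookie holds nothing but the id, a value that is not in the server's table, or whose session has idled out, is treated as not logged in.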

Origin blog.csdn.net/weixin_43815275/article/details/114484142