hi

how session are differ from cookies?

Sessions are not really cookies. Basically, session variables are kept in
memory on the server (or through another method such as a database). They
set a cookie on the browser with information to identify exactly what
session the browser is part of. Sessions are usually kept short so that the
server can then close them out and release their resources frequently. That
way, you don't end up with hundrends of sessions active that actually don't
have any users doing anything (sessions don't close when someone browses to
another web site). For things like login information, shorter sessions are
good because if a user leaves their computer and someone else walks up, the
window of opportunity for such an error is reduced. You may want to see what
is useful to put into cookies if you need to keep good control over the time
a value is stored for without eating up tons of server resources. You may
also want to look at ASP.Net's forms authentication features as it also has
a sliding expiration for user information. In other word, the timeout is
refreshed whenever the user grabs another page on the site.

Hope this helps,

he main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for.
A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie. The trouble is that a user can block cookies or delete them at any time. If, for example, your website's shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.

Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

You can of course get the best of both worlds! Once you know what each does, you can use a combination of cookies and sessions to make your site work exactly the way you want it to.