Sessions & Cookies

Sanny Do
4 min read · Nov 16, 2020

You may have noticed the “Block or allow cookies” pop-up messages while using a web browser and, without knowing exactly what cookies are, clicked “allow”. I’m guilty of that.

What exactly are sessions and cookies?

Cookies and sessions are used to store information. To break it down, let’s start with sessions. A session is the time a user is on a website: the time between logging in and logging out. Sessions expire the moment the browser is closed.

Cookies are text files that hold data about a user, such as a username, a password, or a unique ID that represents you as a user. When you visit a website that uses cookies, a cookie file is saved to your PC, phone, Mac, or whichever device you are using. This helps companies build a profile of their users. What does that mean? It helps them understand users better, instead of seeing each one as just an ID. Companies gather information about a user such as what was saved in their shopping cart, their name, etc. To explain it simply, it is a piece of code that tracks your online activity. This makes it easy for a website to save your login and credit card information. While this may sound unsafe, most cookies have harmless motives. This is not to say that every website is safe; some may in fact be dangerous. It is advised to clear your cookies every now and then to reduce risk. Make sure the websites you do decide to allow cookies from are indeed legitimate and safe.

How to stay safe with Cookies?

  • Be sure to enable browser add-ons that block third-party software such as cookie trackers and keep your browsing private.
  • Disable the storage of cookies in your internet browser. This reduces the amount of information being shared.
  • If you are unsure about a site and it is asking for you to accept cookies, it’s best to leave the website immediately. It’s better to stay safe than to have your personal information stolen.
  • Install anti-malware software such as Freeware to remove tracking cookies.
  • It is a good idea to remove cookies on your browser from time to time as they can pose a security threat. Hackers can hijack cookies and gain access to browser sessions and steal personal data.

Difference Between Session and Cookie:

https://www.sitesbay.com/php/php-difference-between-session-and-cookie

Here’s an analogy to better explain what sessions and cookies are:

Say you are a member at La Madeleine, and you even downloaded the app to gain rewards every time you make an order. This membership gives you a stateful interaction with La Madeleine, meaning the company keeps records of your account in order to customize it. You may think you are just holding a card, but that card confirms your identity, just like a cookie, which is always client-side. The cookie is matched with the right session each time it is used.
Okay okay, let’s rewind. La Madeleine already knows what you usually order because of the web server (where sessions are stored). La Madeleine is tracking many sessions, and when you use your cookie (your La Madeleine card) it is matched with the right session. This makes it easier for companies to personalize every customer’s account. It is the same with a web browser: every HTTP request made by your browser sends a cookie for the server to use.
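
The card-and-record matching from the analogy, as an added example (not code from the original post): a Python sketch in which the cookie carries only a random session ID and the server keeps the actual data. The cookie name `sid`, the `SESSIONS` dictionary, the function names and the sample user are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session store (hypothetical, in memory): session ID -> data.
SESSIONS = {}

def login(username):
    """Create a session and return the Set-Cookie header value for the response."""
    sid = secrets.token_urlsafe(32)       # unguessable ID; the only thing the client holds
    SESSIONS[sid] = {"user": username, "cart": []}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True      # not readable from page JavaScript
    cookie["sid"]["secure"] = True        # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"     # not attached to most cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def session_for(cookie_header):
    """Match the Cookie header of an incoming request to its session, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("sid")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)     # unknown or ended IDs match nothing

def logout(cookie_header):
    """End the session on the server so a copied cookie stops working."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "sid" in jar:
        SESSIONS.pop(jar["sid"].value, None)

def demo():
    set_cookie = login("alice")                    # constructed sample user
    # The browser stores the name=value pair and sends it back on every request.
    cookie_header = set_cookie.split(";", 1)[0]
    before = session_for(cookie_header)
    before["cart"].append("croissant")             # data lives on the server, not in the cookie
    forged = session_for("sid=guessed-value")      # constructed cookie with an ID never issued
    logout(cookie_header)
    after = session_for(cookie_header)
    return set_cookie, before, forged, after

if __name__ == "__main__":
    print(demo())
```

Because the cookie holds only the ID, ending the session on the server is what makes a copied cookie useless; clearing cookies in the browser removes the local copy only.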

Cookies and sessions are what make HTTP stateful!
