Cookies vs. Sessions: How Websites Remember You
The web is inherently stateless — every page load is a fresh request. To keep you “logged in” and remember preferences, sites rely on two pillars: cookies (stored in your browser) and sessions (stored on the server).
When you log in to a website, your browser temporarily maintains a connection state with the server. This is necessary because the web is fundamentally “stateless” — every page load is treated as a brand-new request. Without additional help, a website has no memory of who you are after a refresh, a tab close, or reopening the browser.
That’s why the web uses two key tools — Cookies and Sessions — to “remember” users.
Cookies: The Browser’s Memory
A cookie is a small piece of data that a website stores on your own computer. It acts like a short note left on your disk, allowing the site to recall information between visits.
Cookies might store things like your login preference, language, or dark mode setting, so that when you come back later, the site already “remembers” you. They are lightweight text files that help websites maintain a sense of continuity in an otherwise memoryless environment.
For example, if you choose dark mode on a site, a cookie can save that setting. The next time you visit, the website reads the cookie and automatically loads the dark theme for you.
Sessions: The Server’s Memory
A session is different — it’s stored not in your browser, but on the server. When you log in, the server creates a session to keep track of who you are and what actions you’ve performed.
To connect this session to your browser, the server issues a unique identifier called a Session ID. Your browser temporarily stores this Session ID inside a cookie, and sends it back with every request.
This way, the server can recognize that “this is the same user who just logged in” — even though each page request is technically separate.
The Key Difference
- Cookies are stored on your device and managed by your browser.
- Sessions are stored on the server, where they keep track of your login state and activity.
While cookies can persist for long periods — even after the browser closes — sessions are designed to expire automatically after a certain time or once you log out.
That’s why cookies can be used for auto-login features, while sessions are safer for temporary authentication, such as staying logged in during a single visit.
In summary, cookies and sessions work together to make web browsing seamless. Cookies remember your preferences and minor details on your device, while sessions securely identify you on the server side — ensuring both convenience and security in your online experience.
You can view the original blog post in Korean at the links below: