sessions or cookies??

I have been reading a lot of tutorials on user authentications. What is safer/better, using cookies or sessions?

Hi DDDooGGG,

Again, just like any engineering concepts, it depends on what you want and how you want to deploy it.

In these days of enterprise application, most, if not, all browsers accept cookies.

Cookies are a relatively easy way to maintain easy state and it can be safely deployed across a web farm. State Management is decentralized to the client browser which makes the server processing more scalable for multi-connections and processing

Sessions are very easy to use however, state is kept by the server mapped to the current session ID. That makes a multi-server, load-balancing usage very difficult. It puts the workload on the server instead and will make multiple-connections to a same server application very difficult as well.

There are pros and cons to each. However, in my opinion, sessions were overly preached and used in those days of cookieless browsers. The mindset must change today. And sessions were also used to store objects which is NOT recommended. To store objects in cookies, serialize it out in XML or some delimited text form.

hth

My advice to you DDDooGGG is to use sessions for authentication.
When you need to set and retrieve preferences or other similar data it is best to use a cookie.