THE BIG PICTURE: Sessions and Cookies
Web pages don't remember you
How do you get information from a webpage? When you enter a search into your browser, you're making an HTTP request.
Unfortunately, when you make a request, the website has no memory of any other requests that you may have made.
Think of a restaurant. If you order a hamburger, the kitchen will serve you one. Now, later on, you order a dessert. Since the waiter remembers you, they will include your meal and dessert in the same bill.
A webpage is different. It does not recognize you from one request to another the way that your waiter does.
If we continue with the website-as-a-restaurant metaphor, your waiter in this situation doesn't remember you. The waiter greets you again, gets the kitchen to serve you dessert, and creates a separate bill for this request.
This lack of memory from one request to the next can limit the things that can be done on a website in the same way it limits our metaphorical restaurant.
For example: Let's say you log into your account. Great! Now you want to navigate to your friends page. Well, this won't work with a simple HTTP request. The webpage won't recognize you, you'll be denied access to the friends page, and you will probably be asked to log in again.
What's a cookie and what is it used for?
A cookie is information that is stored in your browser.
You might think of a cookie as a sticky-note that a website puts on your shirt. It contains information that the website wants to remember about you. Now, when you visit, the website can read the sticky note and know what it wrote about you.
If a website can recognize you, it can do things like keep you logged into your account or offer you a personalized greeting when you visit a page.
What is a session and what is it used for?
A session is information that is stored on a server. Sessions are matched with cookies to access potentially sensitive information about you. They can also be used to store large amounts of information since cookies can only store a small amount of data.
If a cookie is a sticky note on your shirt, then we might think of a session as the web page's clipboard.
Let's say a web page writes the number "1" on your cookie.
When it sees your cookie with the "1", it can look up session #1 on its clipboard where it has written down a bunch of details about you.
Now, when you visit a webpage, it can access information about you without having to squeeze it all into a single cookie and without having to write it where anyone can read it.
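The sticky note and clipboard described above, as an added Python sketch that is not part of the original page. The names `SESSIONS`, `session_id`, `login`, `handle_request` and `logout` are assumptions, and the note carries a long random value instead of "1" so that one visitor cannot guess the number written on another visitor's note.

```python
import secrets
from http.cookies import SimpleCookie

# The server's "clipboard": session id -> details kept on the server only.
SESSIONS = {}

def login(username):
    """Create a session; return the Set-Cookie header value for the browser."""
    sid = secrets.token_urlsafe(32)           # unguessable id, not "1"
    SESSIONS[sid] = {"user": username, "visits": 0}
    cookie = SimpleCookie()
    cookie["session_id"] = sid                # the sticky note holds only the id
    cookie["session_id"]["path"] = "/"
    cookie["session_id"]["httponly"] = True   # page scripts cannot read it
    cookie["session_id"]["secure"] = True     # sent over HTTPS only
    cookie["session_id"]["samesite"] = "Lax"  # limits cross-site sending
    return cookie["session_id"].OutputString()

def browser_cookie_header(set_cookie_value):
    """What the browser sends back on later requests: just name=value."""
    return set_cookie_value.split(";", 1)[0]

def handle_request(cookie_header):
    """Read the note, look it up on the clipboard; None means 'stranger'."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("session_id")
    if morsel is None:
        return None
    session = SESSIONS.get(morsel.value)
    if session is not None:
        session["visits"] += 1                # state survives across requests
    return session

def logout(cookie_header):
    """Erase the clipboard entry; the old note then matches nothing."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("session_id")
    if morsel is not None:
        SESSIONS.pop(morsel.value, None)

if __name__ == "__main__":
    header = browser_cookie_header(login("alice"))  # constructed sample user
    print(handle_request(header))                   # recognized
    print(handle_request("session_id=1"))           # guessed id: not recognized
    logout(header)
    print(handle_request(header))                   # after logout: not recognized
```

The username and visit count never leave the server; the browser holds only the random id.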