A cookie is where a physical file is created on a visitors computer and information can be saved to ie if someone is logged on or not, last page visited etc. A session works slightly different. It still creates a physical file on the visitors computer but in it there is a unique number. This unique number is also called session id. At the same time a file is created on the server which is linked to the session id. In this file the same information is stored ie if a person is logged in or not etc. When using a cookie you can tell it when it should expire. Sessions by default will expire when the browser is closed or after a a few minutes of inactivity. But settings can be changed to make it work differently.