A session is pretty much a cookie with a bit of extra functionality. Unless you're storing the password in plaintext in the cookie or something, one isn't really more secure than the other.
session data is not viewable by a visitor cookie data is viewable by a visitor. as to security, its ok to store information in cookies but encrypt it using a unique key (with something like mCrypt), or hash it using $salt (md5($salt.$value) if the value is for pure comparison purposes. The well-planned/coded visitor login authentication/validation will use both sessions and cookies. cookies generally allow for automated logins and visitor/site preferences storage without sacrificing security.
the security does not depend on what function methodology you used, it depends on how carefully you planned your application and how good your knowledge of the PL is