Both are used to store user specific information that is used to personalize or customize the visitor experience to a website. This includes storing such info as username, password, real name of the user, and preferences.

The main difference is that cookies are stored in the user’s browser and sessions are stored on the server. Usually both are removed or deleted shortly after the user finishes with the visit to a website. However, cookies can be cleared by the user through the browser interface or the user can limit or deny storing cookies on her or his computer. Sessions, on the other hand, are not controlled by the user through the browser. Although as soon as the browser is closed, so is the session whereas a cookie can remain saved even if the browser is closed and later re-opened.

So even though a user has more control over cookies (whether they exercise that control is another matter), a session tends to be more short term.

If you require more long term solution for storing user specific data, such as preferences for a site, then you need to consider storing that info in database and then retrieving it and storing the data in a cookie or session as needed.