Session:
- Info stored in server: only pass sessionId back to client. Use session for secure reason but it takes resources.
- It is more detailed compared to cookie.
Cookie:
Format(name,key/value, expire date, domain…)
set cookie in header and send back to server with request.