Session vs Cookies in ASP.NET MVC

Abhay Harsora
2w
262
0
1
25
Blog

Introduction

When building web applications, we often need to store user information temporarily. For example:

Keeping a user logged in
Saving user preferences
Storing shopping cart items
Remembering user settings

In ASP.NET MVC, two common ways to store this information are Session and Cookies.

Many beginners get confused about when to use Session and when to use Cookies. In this article, we will explain the difference between them in simple words with examples.

What is Session?

A Session is used to store user data on the server side.

Each user visiting a website gets a unique session ID, which allows the server to identify that user.

Example

If a user logs into a website, we can store their username in a session.

Session Example in ASP.NET MVC

Controller code:

public ActionResult Login()
{
    Session["Username"] = "Rahul";
    return View();
}

Explanation

Here we are storing Rahul in the session variable.

This value will remain available until:

User logs out
Session expires
Browser is closed (depending on configuration)

Retrieving Session Data

We can retrieve the stored value like this:

public ActionResult Dashboard()
{
    string user = Session["Username"].ToString();
    ViewBag.User = user;

    return View();
}

View (Dashboard.cshtml)

<h2>Welcome @ViewBag.User</h2>

Output

Welcome Rahul

What are Cookies?

A Cookie is a small piece of data stored in the user's browser.

Unlike sessions, cookies are stored on the client side.

They can remain even after the browser is closed (if expiration is set).

Creating Cookies in ASP.NET MVC

Controller code:

public ActionResult CreateCookie()
{
    HttpCookie cookie = new HttpCookie("Username");
    cookie.Value = "Rahul";
    cookie.Expires = DateTime.Now.AddDays(7);

    Response.Cookies.Add(cookie);

    return View();
}

Explanation

Here we are creating a cookie named Username that will be stored in the browser for 7 days.

Reading Cookies

public ActionResult ReadCookie()
{
    string user = Request.Cookies["Username"].Value;

    ViewBag.User = user;

    return View();
}

View:

<h2>Welcome @ViewBag.User</h2>

Output

Welcome Rahul

Key Differences Between Session and Cookies

Feature	Session	Cookies
Storage Location	Server	User Browser
Security	More Secure	Less Secure
Size Limit	Large	Small (about 4KB)
Expiration	Ends when session expires	Can persist for days/months
Performance	Uses server memory	Stored on client side

When Should You Use Session?

Use Session when:

Storing sensitive data
Managing login sessions
Temporary user data
Server-controlled information

Example:

User authentication
Shopping cart items

When Should You Use Cookies?

Use Cookies when:

You need to remember user preferences
You want data stored in the browser
You need persistent storage across visits

Example:

Language preferences
Remember me option
Theme settings

Example Scenario

Login System

When a user logs in:

Store User ID in Session
Store Remember Me in Cookie

This combination provides both security and convenience.

Advantages of Session

More secure than cookies
Stored on server
Cannot be easily modified by users

Advantages of Cookies

Persistent storage
Does not consume server memory
Works across multiple visits

Common Mistakes Beginners Make

Some beginners:

❌ Store sensitive data in cookies
❌ Store large data in cookies
❌ Forget session expiration handling

Always remember:

Use sessions for security
Use cookies for preferences

Conclusion

Both Session and Cookies are important tools for managing user data in ASP.NET MVC applications.

Sessions store data on the server, making them more secure, while cookies store data in the browser, allowing persistent storage across visits.

Understanding when to use each will help you build better and more efficient web applications.

For beginners learning ASP.NET MVC, mastering Session and Cookies is an essential step in understanding state management in web development.