Rasi
answered Nov 30 '-1 00:00
session means storage at server side for sensitive auth related info
and cookie is getting stored at User ' s pc .
so session is more secure and cookie less secure. cookie is less secure because it will be grab by any hacker from user's pc . so one can not relie on Cookie when data is sensitive. session more good option to store auth related info , or other sensitive info because it stored at server and not easy to hack it to grab the info.
respect to JavaScript
cookie can be accessible by JavaScript also . so its reliable in some cases where JavaScript is the main scripting language . so cookie can be store or retrieve by JavaScript or server side language as well .
in another hand you cant use JavaScript to get server side SESSION .