Cookies: on the users' browser the cookies are stored. Until deleted cookies can keep the information in the users’ browser. If a user has a login credential, it can be set as a cookie in the users’ browser so that the user does not have to login again. In the browser cookies, almost anything can be stored. An issue with the cookies is that the user can delete them at will.
Session: does not depend on the user whether user permits a cookie. Instead, sessions work like a token permitting access and transferring information while the users’ browser is open. When the user closes the browser the session are lost. After the session is lost even the login credential would not be saved. The user will have to login again each time the user visits the website.