The main difference between a session cookie and a persistent cookie is the expiration time:
Session Cookie
- No expiration time set or set to 0
- Stored in browser memory
- Automatically deleted when the browser is closed
- Used for temporary session information storage
- Example:
Set-Cookie: sessionId=abc123
Persistent Cookie
- Has an explicit expiration time (Expires) or maximum age (Max-Age)
- Stored on disk by the browser
- Remains even after the browser is closed
- Used for long-term storage of user preferences or login status
- Example:
Set-Cookie: userId=456; Expires=Wed, 09 Jun 2026 10:18:14 GMT
Use case comparison:
- Session Cookie: temporary shopping cart items, temporary form data
- Persistent Cookie: "remember me" functionality, user preferences, user behavior tracking
Security considerations:
- Sensitive information should use session cookies
- Persistent cookies should have a reasonable expiration time
- Both types of cookie should consider using the Secure and HttpOnly flags
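The checklist above as an added example (not part of the original page): a small Python audit that classifies Set-Cookie headers as session or persistent and flags missing Secure/HttpOnly flags, over-long lifetimes, and sensitive-looking cookies that persist. The 30-day limit, the name hints used to guess sensitivity, the fixed clock and the last two sample headers are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME = timedelta(days=30)               # assumed policy limit, not from the page
SENSITIVE_HINTS = ("session", "token", "auth")  # assumed naming convention

def cookie_lifetime(attrs, now):
    """Return the remaining lifetime as a timedelta, or None for a session cookie."""
    # Max-Age takes precedence over Expires (RFC 6265); unparsable values are ignored.
    try:
        return timedelta(seconds=int(attrs["max-age"]))
    except (KeyError, ValueError, OverflowError):
        pass
    try:
        return parsedate_to_datetime(attrs["expires"]) - now
    except (KeyError, ValueError, TypeError):
        return None

def audit_set_cookie(header, now, max_lifetime=MAX_LIFETIME):
    """Classify one Set-Cookie header and list findings against the checklist."""
    header = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    pair, *rest = [p.strip() for p in header.split(";")]
    name = pair.partition("=")[0].strip()
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in rest) if k.strip()}
    lifetime = cookie_lifetime(attrs, now)
    # A zero or negative lifetime on the wire makes the browser discard the cookie.
    kind = "session" if lifetime is None else "persistent" if lifetime > timedelta(0) else "expired"
    findings = [f"missing {flag}" for flag in ("Secure", "HttpOnly")
                if flag.lower() not in attrs]
    if kind == "persistent":
        if lifetime > max_lifetime:
            findings.append("lifetime exceeds policy")
        if any(hint in name.lower() for hint in SENSITIVE_HINTS):
            findings.append("sensitive cookie is persistent")
    return name, kind, findings

# Constructed sample input: the first two headers are the page's examples.
NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)  # fixed clock so results are repeatable
SAMPLES = [
    "Set-Cookie: sessionId=abc123",
    "Set-Cookie: userId=456; Expires=Wed, 09 Jun 2026 10:18:14 GMT",
    "Set-Cookie: authToken=xyz; Max-Age=604800; Secure; HttpOnly",
    "Set-Cookie: theme=dark; Max-Age=2592000; Secure; HttpOnly",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_set_cookie(line, NOW))
```

Run against response headers captured from a staging environment, the findings list gives a per-cookie view of which items in the checklist are not yet met.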