Session management is used to track user activity, including the login and logout (or the beginning and end of a user session) of a Web application, otherwise known as "state." Because HTTP is a stateless technology, HTTP has no inherent method of tracking state or managing sessions. Therefore, session data is managed by the server (Sessions) or is read from the browser (Cookies). There are advantage and disadvantages to both methods.
What are the pros and cons of using cookies?
What are the pros and cons of using Sessions?
What is the primary focus you should have in designing Web applications?