In Laravel, both cookies and sessions store user data across requests but differ in where and how they store it. Cookies are stored in the user’s browser and are ideal for lightweight, persistent data like preferences. Sessions store data on the server and are better for sensitive or temporary data like login state. Sessions are more secure, while cookies are more accessible. Choosing between them depends on the use case and data sensitivity.
Key Differences: Cookie vs Session
Feature | 🍪 Cookie | 🗂️ Session |
---|---|---|
Storage Location | Stored in the user’s browser | Stored on the server (file, database, Redis) |
Security | Less secure (exposed in browser; must encrypt) | More secure (data stays on the server) |
Size Limit | ~4 KB | No strict limit (depends on storage driver) |
Lifetime | Can be set to expire at any time | Lasts until the session expires or is destroyed |
Visibility | User can see/edit it via browser dev tools | Hidden from the user |
Speed | Slightly faster for small data | Server-side access is safer but slightly slower |
Usage Examples | Remember-me tokens, preferences, language settings | Login state, flash messages, cart, user data |
Laravel Usage Examples
Cookie Example:
File: app/Http/Controllers/CookieController.php
```php
// Set cookie for 60 minutes
$cookie = cookie('user_name', 'Priya', 60);
return response('Cookie set')->cookie($cookie);

// Get cookie (on a later request)
$user = request()->cookie('user_name');
```
Session Example:
File: app/Http/Controllers/SessionController.php
```php
// Set session
session(['user_id' => 5]);

// Get session
$userId = session('user_id');

// Flash data (one-time message)
session()->flash('status', 'Logged in successfully!');
```
Security Comparison
Feature | Cookie | Session |
---|---|---|
Encrypted | Must be encrypted manually | Laravel encrypts automatically |
Tamper-safe | Signed by Laravel if set | Fully secured by default |
Stored data | Exposed in browser | Hidden on server |
When to Use What?
- Use Session for:
  - Login status
  - Form validation errors
  - Flash messages
  - Shopping cart data
- Use Cookie for:
  - “Remember me” functionality
  - User language/theme preference
  - Persistent data across browser restarts
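The split above, shown as an added example that is not part of the original article: a preference kept in a cookie and checked as untrusted input on every read, with the user's identity taken only from the session. The class name `PreferenceController`, the `theme` cookie and the list of allowed themes are hypothetical, and the routes are assumed to be in the `web` middleware group so that a session is available.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

// Added example; class, cookie name and theme list are hypothetical.
class PreferenceController extends Controller
{
    // Assumed allowlist: the only values the application accepts.
    private const THEMES = ['light', 'dark'];

    // POST: save a non-sensitive preference in a cookie.
    public function store(Request $request)
    {
        $data = $request->validate([
            'theme' => ['required', Rule::in(self::THEMES)],
        ]);

        // 30 days, path "/", default domain, Secure (HTTPS only),
        // HttpOnly (not readable from JavaScript), not raw, SameSite=Lax.
        $cookie = cookie('theme', $data['theme'], 60 * 24 * 30, '/', null, true, true, false, 'lax');

        return response('Preference saved')->cookie($cookie);
    }

    // GET: read both stores on a later request.
    public function show(Request $request)
    {
        // The browser controls this value, so check it like any other input
        // and fall back to a default when it is missing or unexpected.
        $theme = $request->cookie('theme');
        if (! in_array($theme, self::THEMES, true)) {
            $theme = 'light';
        }

        // Identity is read from the server-side session only; a value
        // supplied by the client must never decide who the user is.
        $userId = $request->session()->get('user_id');

        return response()->json(['theme' => $theme, 'user_id' => $userId]);
    }
}
```

Because the `Secure` flag is set, the browser will only store and send this cookie over HTTPS.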