Which description best defines how cookies and sessions differ in web applications?

• A. A cookie stores data on the server; a session stores data on the client.
• B. A cookie stores data on the client; a session stores data on the server and never uses an identifier.
• C. Both cookies and sessions store data on the client.
• D. A cookie stores data on the client; a session stores data on the server or uses a session identifier.

Answer: (D)

This question tests how cookies and sessions differ in where data is stored and how they’re linked to a user across requests. Cookies reside on the user’s device (the client) and are sent with each request to the server. They’re best for small, client-owned data like preferences or a login token.

Sessions, on the other hand, keep the actual state on the server. The server stores the session data, and the client only carries a session identifier that the server uses to find the right data. That identifier is often stored in a cookie, but the key idea is that the data lives on the server and is referenced by an ID.

So the description that fits best is: the cookie stores data on the client; the session stores data on the server (and uses a session identifier to link the client to that server-side data).