What is a session?

Please explain to the unknowing. What is the difference between a session and cookies? Is it possible to apply one thing without compromising the functioning of the site? (As far as I understand, the session mechanism uses cookies.) And how to make the browser itself offer to save passwords on the first visit?

P.S. And don’t send me directly to Google, because I didn’t understand anything there.


Answer 1, authority 100%

The session mechanism uses cookies to store the session ID, and that’s it. The difference is banal – cookies are on the client, the session is on the server, and the consequences are logical – cookies do not take up space on the server, sessions are not available for direct reading and modification by the user. That is, it is quite possible to store the password in clear text in the session, for example, although it is not recommended just in case. Also, the size of cookies is limited, and quite large amounts of data, objects, etc. can be stored in the session.

Also – the session works until the browser is closed or until the server storage timeout expires, cookies can be set for at least 10 years. That is, cookies should be used for longer periods (the “remember me” checkbox, for example).

UPD (remember): Condition: the md5 hash of the password is stored in the database, so much has been done

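// Uses the legacy mysql_* extension (removed in PHP 7.0); an open connection is assumed.
session_start(); // required before $_SESSION can be read or written
$auth = $USER = false;
$hash = '';
// 1. Login form submitted: build the hash from the posted login and password
if (!empty($_POST['login']) && !empty($_POST['password']))
  $hash = md5($_POST['login'].'###'.md5($_POST['password']));
// 2. Otherwise take the hash stored in the session
if (!$hash && !empty($_SESSION['authhash']))
  $hash = $_SESSION['authhash'];
// 3. Otherwise take the hash stored in the "remember" cookie
if (!$hash && !empty($_COOKIE['authhash']))
  $hash = $_COOKIE['authhash'];
// If a hash was found, look for the matching user
if ($hash) {
  $quser = mysql_query('SELECT * FROM `user` WHERE MD5(CONCAT(`username`, "###", `password`))="'.mysql_real_escape_string($hash).'" LIMIT 1;');
  if ($USER = mysql_fetch_object($quser)) {
    $auth = true;
    $_SESSION['authhash'] = $hash;
  }
  if ($auth && !empty($_POST['remember']))
    setcookie('authhash', $hash, time()+60*60*24*7); // keep the cookie for one week
}
// From here on, use $auth and $USER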

Like this. There may be errors, but the essence seems to be conveyed.