Even if they look similar, they have different functions and are complementary; you should not just use one or the other.
The idea of sessions is to offer persistence for certain data across subsequent requests.
They allow user information to be stored individually for the duration of the session. The session identifier, which tells PHP whether a session exists, is sent to the browser in a cookie by default; the same identifier is used to retrieve the session data. By default, the session information is stored in a file in the path set by the configuration directive session.save_path.
The maximum lifetime of a session is determined by the configuration directive session.gc_maxlifetime, whose default value is 1440 seconds (24 min). In other words, if no HTTP request containing the cookie with the session id has been received in that time, the session is offered to the garbage collector. Sessions can also be destroyed manually. All sessions, i.e. those of all users, can also easily be deleted by removing all session files in the directory defined by session.save_path.
The idea of cookies is to offer persistence for certain data for the lifetime of the cookie.
The actual operation of cookies is defined in RFC 6265 (2011).
Cookies allow you to store information in the browser as name=value pairs; this data is sent to the server on each request.
Cookies are part of the HTTP headers, and those headers are normally what is used to create or modify them.
The lifetime of a cookie can be set when it is created by defining the Max-Age attribute; if this attribute is not present, the cookie lasts until the browser is closed. On the other hand, browsers may not respect the time set for the cookie. There is no maximum time limit defined: in quotes, a cookie "can last as long as we want".
Cookies are not recommended for storing sensitive information, since they are sent by the client (and can be altered), and any external data must always be treated with suspicion.
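
The following PHP sketch is an added example, not code from the original text. It shows the split described above: sensitive state kept in the session, a cookie used only for a non-sensitive preference that is validated on read, and a session destroyed manually. It assumes PHP 7.3 or later; the `theme` cookie, the function names and the cookie attribute values are hypothetical.

```php
<?php
declare(strict_types=1);

// Idle time after which the garbage collector may remove the session file
// (1440 s is the default the text mentions; set explicitly for clarity).
ini_set('session.gc_maxlifetime', '1440');

// Session-id cookie without a lifetime: it lasts until the browser closes.
session_set_cookie_params([
    'lifetime' => 0, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);
session_start();

// Sensitive state stays server-side, in the session file under
// session.save_path; the browser only ever holds the session id.
function login(int $userId, string $role): void
{
    session_regenerate_id(true);   // new id at login, old session file deleted
    $_SESSION['user_id'] = $userId;
    $_SESSION['role']    = $role;
}

// A cookie is fine for a non-sensitive preference that should outlive the
// session, but its value is client input: accept only known values.
function themeFromCookie(): string
{
    $theme = $_COOKIE['theme'] ?? 'light';
    return in_array($theme, ['light', 'dark'], true) ? $theme : 'light';
}

function rememberTheme(string $theme): void
{
    // 30 days; PHP sends both Expires and Max-Age for this cookie.
    setcookie('theme', $theme, ['expires' => time() + 30 * 86400, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Manual destruction: clear the data, expire the id cookie, delete the file.
function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => time() - 3600,
        'path' => $p['path'], 'domain' => $p['domain'], 'secure' => $p['secure'],
        'httponly' => $p['httponly'], 'samesite' => $p['samesite']]);
    session_destroy();
}
```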