This is kind of strange question, cause the Cookie exists on client side and identifies to which session the request belongs. And the session object keeps informations about the session. So both cooperate and are no alternatives
You would want to point out that Cookies have a controllable life-time so you can keep information between user sessions if you want. Also you have fine control over where cookies are valid (whole site vrs one application) Do a search for rfc2109 to find out more about the cookie specs. Bill
subject: Cookie and HttpSession object, which one to use when?