Sessions are stored per-user on server-side, by default, it stored on server’s memory. But you can configure it to store at database. It’s scope is browser wide. Same user can run two or more browsers and each browser has it’s own session.

While Cookies are stored on client-side by browser physically and by browser physically. Different users at same machine can read same cookie.

Both session and cookies can be used to store user/visitor information. Sessions have a unique identifier (session key) that maps them to specific users/visitor. This identifier(session key) can be passed in the URL or saved into a session cookie. Most sites save the identifier in a cookie instead of passing it in a URL. That is why, by deleting the cookies you effectively erase their matching sessions as you remove the unique session identifier contained in the cookies.

Storage

There is no data storage limit within in sessions. All sessions are stored on the server. The only limits you can reach is the maximum memory a script can consume at one time, which by default is 128MB.

Cookies has generally 4K limit but it really depends on browser.