I would session variables and not cookies cos even though cookies persist for longer, they can only store simple data types and your target audience's browsers can reject them.<BR>Session variables last for as long as its name suggests, for the duration of the 'session' or the user's visits. It can store any variable type as well but places a heavy load on the server unlike cookies.
I don't think that it actually matters whether you store it in a Session Cookie or an actual Cookie stored on the users machine.<BR><BR>The fact is, that whether you store it in a Session Cookie or a Machine Cookie nearly all information is stored in the database, so you shouldn't really need anything more than a Session ID value stored in the actual cookie.<BR><BR>HTH<BR><BR>Darren<BR>[ email@example.com ]
It is all up to you and the server you have. If you have a lower end server with a large user base, then I would suggest cookies. But if you have a strong server and setup your sessions well and methodical, than go for the sessions, they are so easy and so powerful but you pay the price in resources. That is why I suggest having a good machine and good way to track the sessions so they get abandoned quickly.