A cookie is a small piece of data provided by the server in an HTTP response. It is stored in the browser. The behavioral contract is that when the client sends subsequent requests, it will send the cookie along with each request to the same web server.

CSRF

Cross-Site Request Forgery

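Browser tabs cannot access each other's page information, so a page open in one tab cannot read the CSRF token embedded in a page from another site. This makes CSRF difficult against pages that use CSRF tokens.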

Session

The server maintains data for each session.
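
The three ideas above fit together as follows. This is an added example, not part of the original notes: the server keeps per-session data keyed by a session cookie, and a state-changing request is accepted only if it also carries the CSRF token that was embedded in the site's own page. The names `SESSIONS`, `login`, `handle_post` and `demo` are hypothetical, and plain dictionaries stand in for real HTTP cookies and form fields.

```python
import hmac
import secrets

# Server-side session store: session id (sent as a cookie) -> session data.
SESSIONS = {}

def login(user):
    """Create a session; return (cookie value, CSRF token embedded in the page)."""
    session_id = secrets.token_urlsafe(32)
    csrf_token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf_token": csrf_token}
    return session_id, csrf_token

def handle_post(cookies, form):
    """Handle a state-changing request; return an HTTP-style status code."""
    session = SESSIONS.get(cookies.get("session_id", ""))
    if session is None:
        return 401  # no valid session cookie
    submitted = form.get("csrf_token", "")
    # Constant-time comparison of the submitted token with the session's token.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403  # cookie was sent, but the request lacks the page's token
    return 200

def demo():
    session_id, csrf_token = login("alice")  # constructed sample user
    cookies = {"session_id": session_id}  # the browser attaches this automatically
    # Request from the site's own page: the form includes the token from that page.
    same_site = handle_post(cookies, {"amount": "10", "csrf_token": csrf_token})
    # Request triggered by another site's page: cookie is sent, token is unknown.
    cross_site = handle_post(cookies, {"amount": "10"})
    guessed = handle_post(cookies, {"amount": "10", "csrf_token": "guess"})
    # Token without the session cookie is not enough either.
    no_cookie = handle_post({}, {"csrf_token": csrf_token})
    return same_site, cross_site, guessed, no_cookie

if __name__ == "__main__":
    print(demo())
```

The cookie alone identifies the session but does not prove the request came from the site's own page; the token check is what rejects the cross-site request.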