About
A session cookie stores a session identifier in a cookie.
HTTP servers commonly store the session identifier in a cookie.
Using session identifier cookies limits the damage an attacker can cause if the attacker learns the contents of a cookie because the session identifier is useful only for interacting with the server (unlike non-nonce cookie content, which might itself be sensitive)