They are the same ones, in both cases the cookie is sent to the browser, stored there and the browser send it back to you every request until it expires or is deleted.
For that reason, you should never use cookie for security as your question implies nor for any data which you consider important to keep unaltered by the end user.
There are five things to always remember when you use cookie:
1 - you can not trust its content
2 - you can not assume it will still be there on the next request
3 - you can not trust its content
4 - you can not assume the user never visited before if it's not there
5 - you can not trust its content
A cookie is a cookie is a cookie. The import thing is what you store in it. So, what are you storing in them?
I'm not sure if at the time you asked the question you were aware of the fact that some browsers support an additional HTTPOnly flag for cookies. In that regard, cookies sent with PHP, that contain the
So, users that have a browser supporting HTTPOnly cookies, will be better protected against XSS attacks.
If you are talking about Session cookies, then they can be considered to be secure in comparison with normal ones.
©2020 All rights reserved.