Session variable(Server side State Management) is more secure than cookies (client side State Management).
we can disable cookies, hack it or decode it.
Better to use Session variable.
Go through following link for State Management
StateManagement_Suggestions[
^]
[Edit]Fixed typos and TXT words[/Edit]