Sessions are stored in server memory, and sessions may/maynot use cookies to store something in the browser. Session is basically to identify a user in his security context. The web application uses session to identify whether the user is authenticated.. etc.So use session if you want to store username, login status etc.
Cookies are for client side and be noted that it can be modified by the user. So you should not build an application that uses cookie value for authentication, but at the same time you can use them for themes, user language etc (these are preferencesonly, modifying this will not affect the application secuirty)