For a long time, the difference between a session and a cookie was unclear to me, largely because they seemed so intertwined and were used for similar purposes.
Recently, I have been working on a client project where we are introducing SAML-based single sign-on, but our codebase isn't what sets the cookie that needs to be destroyed upon logout. The cookie is created by the identity provider, so it proved difficult to delete. The domain on which our codebase resides has the same root domain as the identity provider domain (so it wasn't a cross-domain issue), but I ended up having to explicitly define not only the path but the cookie domain as well when deleting the cookie.
Cookie: A key/value pair that is stored by the user's browser and is exposed to PHP through the $_COOKIE superglobal array. The cookie is set with an explicitly defined expiration date. For example:
setcookie('cookieName', $some_value, time()+3600, "/", ".example.com");
On the next server request, $_COOKIE['cookieName'] will be available. If you use a browser tool to look at the cookie, it will have an expiration date.
Session Cookie: Identical to the above but defined without an expiration date. If you use the same browser tool, it will say that the cookie expires at the end of the session, which is ultimately when you close your browser. For example:
PHP Session: A server-side mechanism that associates a set of data with a session ID. Every time a session is invoked, PHP serializes/unserializes that data. This can be more data than the single key/value pair that a cookie supports, but the data is associated with a user by creating a cookie (regular or session, as described above) in their browser that contains the session ID. This way, the right data can be retrieved for a given user based on the value of that cookie.
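An added example (not code from the original post) of a logout that clears both kinds of state described above: the PHP session with its session-ID cookie, and a cookie set by another host under the same root domain. The cookie name idp_sso, the path "/" and the domain ".example.com" are assumed placeholders for whatever the identity provider actually used.

```php
<?php
// Added example. 'idp_sso', '/' and '.example.com' are assumed placeholders.

/**
 * Expire a cookie in the browser.
 *
 * A browser treats name + domain + path as the cookie's identity, so the
 * expiring Set-Cookie header must carry the same path and domain the cookie
 * was created with. Otherwise the original cookie is left in place.
 */
function expire_cookie(string $name, string $path, string $domain): bool
{
    unset($_COOKIE[$name]);               // stop using it in this request too
    return setcookie($name, '', time() - 3600, $path, $domain);
}

/**
 * Destroy the PHP session (server-side data and its cookie), then expire
 * the cookie that was set by the identity provider.
 * Must run before any output is sent, because setcookie() emits headers.
 */
function logout(string $idpCookie, string $idpPath, string $idpDomain): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $_SESSION = [];                       // clear the data held for this session id

    // The session id travels in a cookie; expire it with the parameters
    // it was issued with rather than guessing them.
    $params = session_get_cookie_params();
    expire_cookie(session_name(), $params['path'], $params['domain']);

    session_destroy();                    // delete the stored session data

    // Cookie created by the identity provider on the shared root domain:
    // path and domain are given explicitly so they match the original.
    return expire_cookie($idpCookie, $idpPath, $idpDomain);
}

logout('idp_sso', '/', '.example.com');
```

Expiring the cookie only removes it from this browser; any state the identity provider keeps on its own side is not touched by this code.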