Cookies store the actual data in a file on the user's computer.
Sessions store a number on the user's computer using a cookie (or in the URL), and that corresponds to a file on the server with the values.
Cookies can be faked, while it takes much much more effort to take a session value (the numbers are not sequential).
Sessions in PHP have one more significant advantage against using ordinary cookies: They can be used even when the user has cookies disabled, because then all relative URLs are rewritten in a manner that the session_id is appended as a GET parameter.
Also, cookies have some restrictions as to how much data you can store in them (I believe it was 4 kB per cookie, no more than 20 cookies per domain). In regard to this, sessions are more flexible, though I haven't researched deeply enough if there might be any session size restrictions in the .ini file or elsewhere.
And as some others have already replied, sessions are quite easy to use because PHP comes along with a neat set of session handling functions. Whereas with cookies you only have setcookie() and $_COOKIE to play with.
So it actually depends on how you implement sessions/cookies in your application to achieve the desired results you described. Neither of them will prevent viewing of member files on its own; you'd have to build authentication functionality.
Sessions are way better than cookies. A bit hard to start off with them but once you get the basics it all works fine.
To check if a user is logged in or not, you should use an if() function to check if a cookie/session variable exists, and if it doesn't, make a form so that the user can log in (it will check the username and/or password, and if they are correct it will create that cookie or session variable).
__________________ I don't suffer from insanity, I enjoy every single minute of it!
I use cookies for my own website (not online (yet)) and it is working great for secure member areas and logging in to, e.g., change your profile, just like this forum.
And I give my members a choice:
Log in with a cookie (so they stay logged in for about 2 weeks)
or log in with a session so they are automatically logged out if the browser closes. This is, I think, great for people who surf to my site at a public PC in, e.g., a library or school.
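
The login check and the "stay logged in for about 2 weeks or until the browser closes" choice discussed in the replies above can both be built on PHP sessions. The following is an added example, not code from any poster in this thread; `find_user()`, the form field names and the sample account are hypothetical, and it assumes PHP 7.4+ served over HTTPS.

```php
<?php
declare(strict_types=1);
const REMEMBER_SECONDS = 14 * 24 * 3600; // "about 2 weeks"

function find_user(string $name): ?array { // hypothetical lookup helper
    // Constructed sample account; a real site would query its user table.
    static $users = null;
    $users ??= ['alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    return $users[$name] ?? null;
}

function start_session(bool $remember): void {
    ini_set('session.use_only_cookies', '1'); // keep the session ID out of URLs, logs and Referer headers
    ini_set('session.use_strict_mode', '1');  // ignore session IDs the server did not issue
    ini_set('session.gc_maxlifetime', (string) REMEMBER_SECONDS); // keep server-side data that long
    session_set_cookie_params([
        'lifetime' => $remember ? REMEMBER_SECONDS : 0, // 0 = cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,  // HTTPS only
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(string $name, string $password): bool {
    $user = find_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh ID after login; the cookie is re-sent with the lifetime set above
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['expires_at'] = time() + REMEMBER_SECONDS; // hard server-side cap
    return true;
}

function is_logged_in(): bool {
    return isset($_SESSION['user_id'], $_SESSION['expires_at']) && $_SESSION['expires_at'] > time();
}

$isLogin = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['name'], $_POST['password']);
start_session($isLogin && !empty($_POST['remember']));
if ($isLogin) {
    log_in((string) $_POST['name'], (string) $_POST['password']);
}
if (!is_logged_in()) { // not logged in (or login failed): show the form and stop
    echo '<form method="post"><input name="name"><input name="password" type="password">',
         '<label><input name="remember" type="checkbox" value="1"> Stay logged in</label>',
         '<button>Log in</button></form>';
    exit;
}
echo 'Member area for user #', (int) $_SESSION['user_id'];
```

Only the random session ID reaches the browser in either mode; the user ID and expiry stay in the server-side session data, so the "remember me" choice changes the cookie lifetime and nothing else.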