Cookies are available on the client-side, so they can be seen from the browser.
Sessions are stored on the server, and are never sent to the client (except if you write some cludge to do that). If sessions were stored on the client-side, I don't believe your PHP code would be able to access them as PHP is a server-side language. It is best to store sensitive information in a session rather than a cookie so that it cannot easily be accessed or manipulated.
The only thing is that the session cookie contains the session identifier which php uses to retrieve the proper session data.
A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will send the cookie too. With PHP, you can both create and retrieve cookie values.