Sessions in PHP have one more significant advantage against using ordinary cookies: They can be used even when the user has cookies disabled, because then all relative URLs are rewritten in a manner that the session_id is appended as a GET parameter.
Also, cookies has some restrictions as how much data you can store in them (I believe it was 4 kB per Cookie, no more than 20 Cookies per domain). In regard to this, sessions are more flexible, though I haven't researched deeply enough if there might be any session size restrictions in the .ini file or elsewhere.
And as some others have already replied, sessions are quite easy to use because PHP comes along with a neat set of session handling functions. Whereas with cookies you only have setcookie() and $_COOKIE to play with.
So it actually depends how you implement session/cookies in your application to achieve the desired results you described, none of them won't prevent viewing of member files on its own, you'd have to build an authentication functionality.