DIFFERENCE BETWEEN NON-PERSISTENT & PERSISTENT XSS

Hello Friends! I Know U All  Have Problem In Finding The Difference Between Non-Persistent & Persistent XSS , So U Don Need To Worrry. Just Read The Following, U Will Have No doubt

Non-persistent:

1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and stores sensitive data, such as billing information.
2. Mallory observes that Bob's website contains a reflected XSS vulnerability.
3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, enticing her to click on a link for the URL under false pretenses. This URL will point to Bob's website (either directly or through an IFRAME ), but will contain Mallory's malicious code, which the website will reflect.
4. Alice visits the URL provided by Mallory while logged into Bob's website.
5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server (this is the actual XSS vulnerability). The script can be used to send Alice's session cookie to Mallory. Mallory can then use the session cookie to steal sensitive information available to Alice (authentication credentials, billing info, etc.) without Alice's knowledge.

Persistent attack:

1. Mallory posts a message with malicious payload to a social network.
2. When Bob reads the message, Mallory's XSS steals Bob's cookie.
3. Mallory can now HIJACK Bob's session and impersonate Bob