A PHP session stores data on the server, and associates a short session ID string (known as SID) with that data.
The PHP engine then sends a cookie containing the SID to the browser to store.
Then, when the browser requests a URL on the Web site, it sends the SID cookie back to the server, allowing PHP to retrieve the session data and make it accessible to your script.
The session IDs generated by PHP are unique, random.
The session data is stored on the server, and it doesn't have to be sent with each browser request.
By default, PHP stores each session's data in a temporary file on the server.
The location of the temporary files are specified by the session.save_path directive in the PHP configuration file.
You can display this value with:
echo ini_get(" session.save_path" );
The session files are often stored in/tmp on UNIX or Linux systems, and C:\WINDOWS\Temp on Windows systems.
ini_get() can access the value of most PHP configuration directives, and ini_set() can set directives.