Basically, whenever a session is started, a temp file (cookie) is created on the server side which is identified by a randomly generated sessionID (PHPSESSID) and contains a session's information (registered variables and their values).
Eg. The file
sess_f828da0ce39572a81e4a803d10928150 contains : logged_id|i:0;css_file|s:13:"mainstyle.css";msg|s:0:"";
In order for the client system to make use of these variables, it must know which temp file it "owns". The same sessionID gernerated earler must be stored on the client side somehow and made available to each page that needs to use the session variables. If the client "knows" the sessionID, then it knows which tempfile it "owns" on the server. You can do this two ways:
1. passing it from page to page using a client-side cookie which stores nothing but the sessionID
Eg. The file:
blahblah_temp contains: f828da0ce39572a81e4a803d10928150
2. or passing it via GET/POST variables (in the URL)
Eg. blahpage.php?PHPSESSID=f828da0ce39572a81e4a803d10928150
The latter form is not as secure but allows you to work around users that do not allow cookies. Here's a good explanation of the difference:
http://www.fluidthoughts.com/howto/php/sessions/
Hope this helps!
