Way of preserving data across a series of web site accesses by the user. Session support is enabled by default. Configuration options are set in php.ini. SID (string) is a predefined constant within this extension.
The user is assigned a unique identifier, the "session ID". The session ID is stored in a cookie on the client or in the URL.
Site access by the user triggers the session ID check automatically (session.auto_start = 1) or upon request … using session_start().
$_SESSION is available as a global variable.
Enable session.use_only_cookies to enforce cookie usage (and prevent session IDs in the URL) and enable session.cookie_httponly to prevent JavaScript cookie access (and help prevent session hijacking via XSS).
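An added example (not part of the original notes) that checks the two directives above at runtime and then starts the session with both enforced. The function name audit_session_ini is hypothetical; the PHP calls are standard.

```php
<?php
// Added example. audit_session_ini() is a hypothetical helper name.

/** Return the session directives that are currently disabled. */
function audit_session_ini(): array
{
    $required = [
        'session.use_only_cookies', // never accept a session ID from the URL
        'session.cookie_httponly',  // keep the cookie out of document.cookie
    ];
    $weak = [];
    foreach ($required as $name) {
        $current = ini_get($name);
        // ini_get() may return "1", "On", "0", "" or false; normalise to bool.
        if (!filter_var($current, FILTER_VALIDATE_BOOLEAN)) {
            $weak[$name] = $current;
        }
    }
    return $weak;
}

// Report what php.ini (or the vhost config) left weak.
foreach (audit_session_ini() as $name => $current) {
    error_log("weak session setting: $name = " . var_export($current, true));
}

// Options passed to session_start() override php.ini for this request.
// Keys are the directive names without the "session." prefix.
// With session.auto_start = 1 the session is already active at this point
// and these options cannot be applied, so fix php.ini in that case.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start([
        'use_only_cookies' => 1,
        'cookie_httponly'  => 1,
    ]);
}

// Confirm the flag the session cookie will actually carry.
$params = session_get_cookie_params();
if ($params['httponly'] !== true) {
    throw new RuntimeException('session cookie is readable from JavaScript');
}

$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
```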