where does session save?

Blockquote "Is session data stored on the server or client browser?"

It makes me think of a valet parking system. The valet (server) keeps your car (session data), but he/she gives you a ticket (session id) to hang onto which proves that the car is yours when you need access to it. If you lose your ticket (by deleting your cache, or closing the browser), your car (session data) is as good as gone since you can't prove it's your car anymore.

Okay, it's just an analogy...and breaks down quickly. E.g. you don't actually own your session information like you do your car. And you don't get to drive it away.


The session data that you read and write using $_SESSION is stored on server side, usually in text files in a temporary directory. They can not be accessed from outside.

The thing connecting a session to a client browser is the session ID, which is usually stored in a cookie (see the comments for exceptions to that rule). This ID is, and should be, the only thing about your session that is stored on client side.

If you delete the cookie in the browser, the connection to that session is lost, even if the file on the server continues to exist for some time.

The session.save_path variable influences the location on the server where the session data is stored. If you are not the server's administrator, it is usually not necessary to change it.


It's both! A session saves the actual session information on the server, but gives an identification cookie to the client to know which session belongs to which client. The information in the cookie itself is worthless, but allows the server to identify the client and use the actual session information.