Where are $_SESSION variables stored?
As mentioned already, the contents are stored at the server. However the session is identified by a session-id, which is stored at the client and send with each request. Usually the session-id is stored in a cookie, but it can also be appended to urls. (That's the PHPSESSID
query-parameter you some times see)
They're generally stored on the server. Where they're stored is up to you as the developer. You can use the session.save_handler
configuration variable and the session_set_save_handler
to control how sessions get saved on the server. The default save method is to save sessions to files. Where they get saved is controlled by the session.save_path
variable.
The location of the $_SESSION
variable storage is determined by PHP's session.save_path
configuration. Usually this is /tmp
on a Linux/Unix system. Use the phpinfo()
function to view your particular settings if not 100% sure by creating a file with this content in the DocumentRoot
of your domain:
<?php
phpinfo();
?>
Here is the link to the PHP documentation on this configuration setting:
http://php.net/manual/en/session.configuration.php#ini.session.save-path