Web development blog by Philipp Rieber
By default, PHP persists every user session to a single file stored in the system’s default temporary directory. You can go there, open an arbitrary session file – most likely prefixed by
sess_ – and you will find a serialized array which represents the contents of the global
$_SESSION array which is available to your scripts. Ok, this works great, so what’s the problem with this setup?