HTTP is a stateless protocol, which means that each interaction between the web browser and server stands alone. So how do you track a user as he or she navigates through a series of web pages on a web site? You use sessions. Starting with version 4, PHP offers built-in support for sessions via the session family of functions. In this chapter, you'll see how Drupal uses PHP's sessions.
When a browser first requests a page from a Drupal site, PHP issues the browser a cookie containing a randomly generated 32-character ID, called
PHPSESSID by default. This is done by the inclusion of one line in the HTTP response headers sent to the browser the first time it visits the site:
HTTP/1.1 200 OK Date: Thu, 17 Apr ...