some questions about session

Anon

If users disable cookie, can session variable still work? and session variable took memory of client side or server side? Thanks.

bretticus

yes.

http://www.php.net/manual/en/ref.session.php

"There are two methods to propagate a session id:

URL parameter

The session module supports both methods. Cookies are optimal, but since they are not reliable (clients are not bound to accept them), we cannot rely on them. The second method embeds the session id directly into URLs.

PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically. Alternatively, you can use the constant SID which is defined, if the client did not send the appropriate cookie. SID is either of the form session_name=session_id or is an empty string.
"

Anon

So by saying that, session would waste memory on client side not server side right?