I have been doing a lot of research on the internet with regards to sessions and cookies and the argument for sessions that I keep coming across is that if cookies are disable it won't affect the sessions.
Still, every time a clear cookies my session variables seem to clear as well. Also, I've read on a few websites that sessions should in fact clear with the cookies.
Can someone please explain this to me?
If its possible php stores its session id in a cookie. If your browser rejects that, it carries the session id along with the query string.
If you kill your cookies and no query string adjustment was made, php forgets who you are!
However cookie usage can be disabled by http://de2.php.net/manual/en/session.configuration.php#ini.session.use-cookies
You are mistaken. sessions depend on cookies. when you request a page a cookie containing your session UID is sent to the server. so clearing cookies will result in losing the session.
You can force using the PHP SESS ID in get instead of in a cookies if you want, the default one is cookies
A session utilizes cookies by storing a cookie with a near-future (or sometimes even a negative) expiration date. In PHP this cookie can be found under the name PHPSESSID by default. Use of the session_start function in PHP is required at runtime to load and associate/identify the user and associated session information.
Because sessions are a special type of cookie clearing of cookies (even if cookies are disabled) will likely cause a loss of the session identifier, causing the session to reset.
This is a great article that clears up any mystery behind PHP sessions:
http://justinmccormick.com/wp/programming/php-sessions-explained
PHP stores the session id inside a cookie per default, if you clear that the session is gone.
What you can do is to enable session.use_trans_sid. That way PHP appends the session id to the url. (but i would not recommend that)