I have a few questions about PHP sessions. Hope to get the answers soon.
1. If I only use sessions without creating any cookies, does the session automatically create cookies in the client browser?
2. How do I know the session id? Is it created by the developer, or is each session that is created referenced by an id?
3. If I destroy a session, do I have to delete the cookies first, for which I never wrote code in my site? (I only need a one-time login, maybe once a year, like an election, so I don't need to store user information at the client.)
4. If my code is $_SESSION['user']='xxx', when 'yyy' logs in, does $_SESSION['user'] get replaced by 'yyy', as the session data is stored on the server?
5. How do I know how many simultaneous users my site can handle? Does this have anything to do with how I manage the sessions, or with server traffic?
6. I read somewhere that sessions can also be hijacked, and hence it was suggested to store sessions in a database instead of /tmp on the server. How do I store sessions in a database? Is there any specific process, or do we have to proceed in the classical way, writing a query to insert when the session is created and deleting it when the session is destroyed?
Thanks in advance.
PHP defaults to using cookies. If a session cookie doesn't exist when you call session_start(), one will be created for you (assuming various conditions are met, like no output having been performed before the session_start() call).
session_id()
If you're doing your own session handlers, then YOU are responsible for the creation/updating/deletion of the session data.
Answers:
1). Yes, with the name "PHPSESSID" or the "default name set for sessions in your php.ini".
2). You can find out the session id with the help of the session_id() function.
3). Yes, you may if you want. How I recommend destroying a session:
if(session_id() == '' || !isset($_SESSION)) {
    session_start();
}
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);
4). No. Each different user has a different session stored in your session folder.
5). Depends... on server space and your session size. [Just for reference, sessions are stored as files on your server and are referred to from there.] So it's debatable how to answer such a question.
6). Sessions can be hijacked, and for that, if your host serves all sites' sessions in one folder, you'd better change your host. My recommended way to start a session is as below:
if (session_start()) {
    $exp = "7200"; // set your expiry time, here 60*60*2 = 7200, i.e. 2 hours
    setcookie('PHPSESSID', session_id(), time()+$exp, '/', null, null, true);
}
What's happening in the above code: you are actually overriding your session name and value with a cookie which is httpOnly. Also make sure "TraceEnable" is off in your system. This makes stealing your cookies almost impossible.