Then you issue session_start() in your code, a number of things happen in quick succession:
PHP determines whether session garbage-collection must take place:
PHP divides the value of the runtime configuration setting "session.gc_probability" by the value of the runtime configuration setting "session.gc_divisor". (The default value for session.gc_probability is 1. The default value for session.gc_divisor is 100.)
PHP generates a random number.
If the random number is smaller than the calculated quotient, garbage-collection activates
If garbage collection is to take place, PHP checks all files in the directory specified by the runtime configuration setting "session.save_path". It is looking for all files older than the number of seconds in the runtime configuration setting "session.gc_maxlifetime". All files older than that number of seconds are deleted.
PHP then checks to see whether a cookie named the same as the runtime configuration setting "session.name" was sent by the browser.
If the cookie exists, PHP fetches the value of that cookie. That value is the current session id.
If the cookie does not exist, PHP generates a session id and sets a cookie named as specified in "session.name". The value of that cookie is the generated session id.
If a session cookie with a session id was sent by the user's browser, PHP will look in the directory specified by "session.save_path". It is looking for a file named "sess_" plus the session id.
If that file is found, PHP reads the session data stored there and populates $_SESSION.
If the file is not found, PHP initializes $_SESSION as empty