Basically, whenever a session is started, a temp file (cookie) is created on the server side which is identified by a randomly generated sessionID (PHPSESSID) and contains a session's information (registered variables and their values).
Eg. The file sess_f828da0ce39572a81e4a803d10928150
contains : logged_id|i:0;css_file|s:13:"mainstyle.css";msg|s:0:"";
In order for the client system to make use of these variables, it must know which temp file it "owns". The same sessionID gernerated earler must be stored on the client side somehow and made available to each page that needs to use the session variables. If the client "knows" the sessionID, then it knows which tempfile it "owns" on the server. You can do this two ways:
1. passing it from page to page using a client-side cookie which stores nothing but the sessionID
Eg. The file: blahblah_temp
2. or passing it via GET/POST variables (in the URL)
The latter form is not as secure but allows you to work around users that do not allow cookies. Here's a good explanation of the difference: http://www.fluidthoughts.com/howto/php/sessions/
Hope this helps!