As I understand it, PHP processes do not behave like an application server process. Thus, after the script is executed, the PHP process does not contain user data. Instead, they are stored in a user cookie. So, everything we store in $_SESSION goes into cookies. Is that true? If so, are they stored in clear text or is some encoding or encryption performed?
No, the only thing that is included in the session cookie is the session identifier - a random alphanumeric string. All session data is stored on the server in a file (using the default session handler, although you can override it to store data anywhere / in any way).
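The split between cookie and server-side storage can be checked from the PHP command line. This is an added example, not code from the question or the answers; it assumes the default `files` session handler, and the temporary directory and sample values are constructed for the demo.

```php
<?php
// Added example: compare what the session cookie carries with what the server stores.
// Run with the PHP CLI. The save directory and the sample values are constructed.
declare(strict_types=1);

$saveDir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($saveDir, 0700);

ini_set('session.save_handler', 'files');  // default handler: one file per session
ini_set('session.save_path', $saveDir);
ini_set('session.use_cookies', '0');       // no browser in CLI; the cookie is printed instead
ini_set('session.cache_limiter', '');      // do not emit cache headers

session_start();
$_SESSION['user_id'] = 42;
$_SESSION['email']   = 'alice@example.test';
$cookie = session_name() . '=' . session_id();  // what a browser would send back
$file   = $saveDir . '/sess_' . session_id();   // where the files handler writes
session_write_close();                          // flush $_SESSION to storage

$raw = file_get_contents($file);

echo "Cookie value:       {$cookie}\n";
echo "Server-side file:   {$file}\n";
echo "File contents:      {$raw}\n";

// The cookie holds only the identifier; the data sits unencrypted on disk.
$inCookie = strpos($cookie, 'alice@example.test') !== false;
$inFile   = strpos($raw, 'alice@example.test') !== false;
echo 'Data in cookie:     ' . ($inCookie ? 'yes' : 'no') . "\n";
echo 'Data readable in file: ' . ($inFile ? 'yes' : 'no') . "\n";

// File permissions are the only protection the default handler gives the data.
printf("File mode:          %o\n", fileperms($file) & 0777);

// Clean up the demo session.
unlink($file);
rmdir($saveDir);
```

Because the file is plain serialized text, anyone who can read the session save path can read every session, so that directory's ownership and permissions matter on shared hosts.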
No, it is not. Only the session identifier is stored in the session cookie. Session data is stored on the server (albeit in plain text, by default).