I've been looking at the ZF Session component and it looks rather extensive but I continue to have a fundamental misunderstanding on the inner workings of the PHP session, and even though I've been writing in PHP for years, I'm still a little lost in that department. Don't get me wrong, I know what a PHP session is, I know how to use it - I actually wrote a nice little session class years ago based on a tutorial I read, and it has always worked great for my various projects. In my session class I just grabbed the user's randomly generated token via the use of $_SESSION['token'] (which I assumed was stored on the server) and stored/compared it with the token in the database

However, confusion and frustration set in rather recently as I've scaled up my projects. I will be working on large-scale high-traffic web apps that will set on load-balanced server farms. Several people have warned not to use PHP sessions because they can be problematic when it comes to HTTP load balancing and that of course made sense. I've been urged to look at using cookies only, and this is where I really get confused...

If cookies and PHP sessions are two separate methods used to maintain client persistence, what exactly are cookie-based sessions? Reading over the PHP manual it sounds like Sessions have always naturally used cookies (as opposed to URL IDs) and if that is true, why am I being cautioned NOT to use Sessions in load-balanced environments? How does ZF handle sessions?

Thanks for any help!