I am in one confusion how session will be managed if cookie is disabled on client browser and also don't want to use query string to attach session id with url. is there any way to implement session in this situation?
one more question how sessions are managed between server and browser?
I believe session cannot live if cookies are disabled on client browser and you don't want to use query string to attach session id with url.
how sessions are managed between server and browser
As you already said, via cookie or by adding session id to the query string.
Browser connects to the server, server sets session cookie, which is a usual cookie. Session cookie will be passed along with other cookies/values second time browser connects to the server. The only difference between session cookie and other cookies is PHP has internal support for session cookie to make it hassle-free for programmers.
You could for instance write an identifier to a hidden field on the page, and then maintain the session by POSTing each page to the next one, or alternatively trying to identify the user based on IP and other known info and maintaining the session behind the scenes based on this.
The standard practice is cookies with a fallback to session IDs in URLs. If you do fall back to URL-based sessions you need to ensure that these are not served to search engine spiders (who don't accept cookies).