I believe session cannot live if cookies are disabled on client browser and you don't want to use query string to attach session id with url.

how sessions are managed between server and browser

As you already said, via cookie or by adding session id to the query string.

Browser connects to the server, server sets session cookie, which is a usual cookie. Session cookie will be passed along with other cookies/values second time browser connects to the server. The only difference between session cookie and other cookies is PHP has internal support for session cookie to make it hassle-free for programmers.

The only possibilities that don't use cookies or query strings will be troublesome and prone to error.

You could for instance write an identifier to a hidden field on the page, and then maintain the session by POSTing each page to the next one, or alternatively trying to identify the user based on IP and other known info and maintaining the session behind the scenes based on this.

Thanks for reply, i also assume same, but some one asked me that if i have disabled cookies in my system, then how your application will work, so i was confused?

so can you please tell in that case what we have to do? means for such situation we have to do additional code for precaution?

The standard practice is cookies with a fallback to session IDs in URLs. If you do fall back to URL-based sessions you need to ensure that these are not served to search engine spiders (who don't accept cookies).