In case you don't know, HTTP is stateless, which means the server you are communicating will not know who you are or what you've said to it before.
Say you logged in to a website, you will notice that you don't need to type your username, password etc when you visit the site again.
It looks like the server knows who you are, how could this be possible?
That's because a "session" is handling this for you.
Remember that HTTP is stateless, which means the server has no memories about what it said or what it heard.
Thus, the server gives your browser a little piece of "note", and told your browser to bring the note every time your browser wants to talk to it.
We call the "note" a "session".
In general, there are two ways of keeping a session.
One way is the server writes everything (including who you are, what you've said) in the session and give it to you.
Another way is the server writes a ID on the session and give it to you. Other stuffs like who you are, what you've said is saved into a database it manages. So each time you come and hand in the ID, it will look up the database based on the ID.
The first approach is much more scalable since one may luanch multiple servers and each of them can read the "session" on its own.
The second one, however, is more harder to scale. Since it requires database access, it might cause performance issues if a lot of people want to talk to the servers at the same time.