Session size for concurrent users

I have a question about codeigniter sessions size... 
Is the session stored on client side or server side?
what about size limitation? I read some topics, and some developers said 4KB and they said only session id is stored in browser. If this is true, what about concurrent users? I stored some data, like user_id, username, user_first_name, user_last_name, user_avatar_name using  set_userdata (and also some flashdata), instead of use queries in every page,  and use these values through the whole site. Now my question is about many concurrent users that want to logged in, in the same time and surf the site (like an online exam or anything). What about session size limitation? Is it considered for one user or all users?
any help?

Each web browser has there own limits, 4kb for data and 250 cookies max. Newer web browsers have broken those limits, but not all of them.

My advice would be to use database sessions for it.

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

The session data is always stored serverside. A cookie is data stored in the client side. When you use a session in PHP a small cookie is created (a session id token). That way the session id is stored clientside and PHP makes the connection between the user (based on the session id) and all the data inside the session (stored on server).

The SQL that is used to create the table that stores the sessions:

Code:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(45) DEFAULT '0' NOT NULL,
    user_agent varchar(120) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id),
    KEY `last_activity_idx` (`last_activity`)
);

The data itself is stored as a TEXT field which can hold 64 Kilobytes. The 4K you refer to is the max size of a cookie (all cookies for a domain are counted together).

The session data is always stored serverside. A cookie is data stored in the client side. When you use a session in PHP a small cookie is created (a session id token). That way the session id is stored clientside and PHP makes the connection between the user (based on the session id) and all the data inside the session (stored on server).

The SQL that is used to create the table that stores the sessions:

Code:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(45) DEFAULT '0' NOT NULL,
    user_agent varchar(120) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id),
    KEY `last_activity_idx` (`last_activity`)
);

The data itself is stored as a TEXT field which can hold 64 Kilobytes. The 4K you refer to is the max size of a cookie (all cookies for a domain are counted together).

This SQL code refers to the CI2 sessions ... which are in fact always stored in a cookie. Even when you use a database, it's just a duplicate of the cookie-stored data.

CI3 matches your description, but uses a different database structure (that is, if you pick the database session driver).

The session data is always stored serverside. A cookie is data stored in the client side. When you use a session in PHP a small cookie is created (a session id token). That way the session id is stored clientside and PHP makes the connection between the user (based on the session id) and all the data inside the session (stored on server).

The SQL that is used to create the table that stores the sessions:

Code:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(45) DEFAULT '0' NOT NULL,
    user_agent varchar(120) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id),
    KEY `last_activity_idx` (`last_activity`)
);

The data itself is stored as a TEXT field which can hold 64 Kilobytes. The 4K you refer to is the max size of a cookie (all cookies for a domain are counted together).

This SQL code refers to the CI2 sessions ... which are in fact always stored in a cookie. Even when you use a database, it's just a duplicate of the cookie-stored data.

CI3 matches your description, but uses a different database structure (that is, if you pick the database session driver).

I'm using CI3, and know about different drivers. My mean was not about database driver for sessions. I mean default driver (file driver) and store some data. As you know, we could have flashdata, tempdata ,... I put some necessary alarms in flashdata, and this is will removed automatically for next request. I put some info (and now, it is just user_id) in a session:
$this->session->set_userdata('user_id', $user_id);
set this for use in other controllers and...
For this type, if many users logged in and want to surf website, is there size limitation?
I want to know this.
thanks.

No.