How well do sessions scale?

What behaviors will I see if this limit is exceeded?
No limit really -- other than that imposed by whatever mechanism you're
using to store the session data. PHP's default session handler uses
files, so you're limited by disk space and any per-directory size
limits your OS might impose.
2. Is there a practical limit on the number of simultaneous
sessions a simple server can handle? Would exceeding
this generate a "too many users" message or something?
Again, you're limited by the session handler. If your OS has a limit
on the number of files in a single directory, that's your answer.
3. How does PHP/Apache handle abandoned sessions?
I'm assuming that after an interval of no activity, a session
is deleted?
Stale sessions are deleted by the garbage collection routine. There
are a couple of parameters that define what get's deleted and when.
Check out:

http://www.php.net/manual/en/ref.ses...gc-maxlifetime
http://www.php.net/manual/en/ref.ses...gc-probability
http://www.php.net/manual/en/ref.ses...ion.gc-divisor
4. Do you know of any good discussions on this topic, and
could you steer me toward them (rather than using bandwidth
and time to redundantly say it all over again here)?

(http://thornhenge.org/IvyIsEvil/). Unless the visitor has Javascript
disabled, the redirect from index.html happens before that page is
rendered and so long as index.html and home.html are lightweight, there
is no discernable delay. (If the visitor has turned off Javascript,
meta redirection kicks in, or he can use an explicit link to
home.html-- and main.php will set up his session profile with default
values).

But I am worried about whether I'll run into server performance issues
with higher traffic. I'm new to PHP-- gradually working my way through
Welling & Thomson's book with frequent delvings into Gilmore's book
(and heavy use of www.php.net/manual/). I've yet to see any discussion
on the practical limits of sessions. So my more or less specific
questions are:

1. What is the practical size limit for the session array? What
behaviors will I see if this limit is exceeded?
If $_SESSION for a single session is more than a few megabytes,
you'll increase the size of the httpd processes a lot and potentially
have more swapping/paging. Also, you'd better have plenty of disk
space to store the session files. And saving and restoring big
session files every hit is a lot of disk I/O.
2. Is there a practical limit on the number of simultaneous
sessions a simple server can handle? Would exceeding this
generate a "too many users" message or something?
UNIX doesn't work real well with directories with large numbers
of files in them. I'd try to keep it well under 100,000 session
files. However, you can easily write a session handler that
stuffs sessions in a database table rather than in files. This
has advantages that the sessions can be accessed from multiple
round-robin servers serving the same content (for when you run
low on CPU power). That can probably handle a few hundred million
simultaneous sessions (but probably not the associated hit rate
unless you've got some really powerful hardware).
3. How does PHP/Apache handle abandoned sessions? I'm assuming
that after an interval of no activity, a session is deleted?

No limit really -- other than that imposed by whatever mechanism you're
using to store the session data. PHP's default session handler uses
files
<snip>
Also bear in mind that PHP allows you to redefine the session handler.
In other words, if you don't like PHP's default of storing session data
in files, you could make it use a database