how does laravel use the session in framework itself

I think it's called in the web middleware

@shanely laravel does not use native php sessions so you won't find session_start in the code base.

It has its own implementation for session handling. You can start from here to learn more:

https://github.com/laravel/framework/blob/5.4/src/Illuminate/Session/Middleware/StartSession.php#L49

When in doubt, always go to the source.. Here is the starting point :

1. In App\Http\Kernel, Global middleware Illuminate\Session\Middleware\StartSession is called (this happens for EVERY REQUEST)

2. The constructor (StartSession class) instantiates the appropriate \Illuminate\Session\SessionManager based on your config settings (defaults to file)

3. Notice comments inside the handle method of the StartSession middleware:

// Note that the Laravel sessions
// do not make use of PHP "native" sessions in any way since they are crappy.

And so on..

@Snapey @usman @gator ,

Thank you for your all inputs, I will read all your links.

@gator

In App\Http\Kernel, Global middleware Illuminate\Session\Middleware\StartSession is called (this happens for EVERY REQUEST)

Correct me please if I am wrong. StartSession only occurs for web requests and not api requests

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
    ];

@Snapey, you are right. Web requests only. I missed the API group as I was looking at the source code of Laravel 5.0 :-)