Tags: php, session-state, php-5.3

Is storing data in PHP $_SESSION insecure?


As per my understanding, PHP processes don't behave as application server processes. So, after the execution of a script the PHP process retains no user-specific data. It instead stores them in the user's cookie. So whatever we store in $_SESSION goes into cookies. Is this true? If yes, then are they stored in clear text, or is some encoding or encryption done?


Solution

  • No, the only thing that goes into the session cookie is the ID of the session - a random alphanumeric string. All the session data is stored on the server in a file (using the default session handler, though you can override to store the data anywhere/any way you want).
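To see that split in practice, here is an added example (not code from the original answer) that writes a session, then inspects the server-side file to show that the data is kept there, serialized in plaintext, while the only thing destined for the cookie is the session name and its random ID. It assumes PHP's default `files` save handler and default `php` serialize handler; the save path is constructed for the demo.

```php
<?php
// Added example: demonstrate where $_SESSION data actually lives.
// Assumes the default 'files' save handler and the default 'php'
// session.serialize_handler; the save path below is made up for the demo.
$savePath = sys_get_temp_dir() . '/php-session-demo';
if (!is_dir($savePath)) {
    mkdir($savePath, 0700, true); // keep the directory private to this user
}
ini_set('session.save_handler', 'files');
session_save_path($savePath);
session_start();

// Store some per-user state; none of these values reach the browser.
$_SESSION['user_id'] = 42;
$_SESSION['role']    = 'editor';
$id = session_id();
session_write_close(); // flush $_SESSION to disk

// What the client gets: only the session name and the random ID.
printf("Cookie sent to client: %s=%s\n", session_name(), $id);

// What the server keeps: a file named sess_<id> under the save path.
$file = $savePath . '/sess_' . $id;
printf("Server-side file:      %s\n", $file);
printf("Stored bytes:          %s\n", file_get_contents($file));
// Roughly: user_id|i:42;role|s:6:"editor";  -- serialized, not encrypted,
// so filesystem permissions on the save path are what protect this data.

// Cleanup: reopen the same session and destroy it, which unlinks the file.
session_id($id);
session_start();
session_destroy();
rmdir($savePath);
```

Run it from the command line; the session file contents make it obvious that anything sensitive placed in `$_SESSION` is only as protected as the directory the default handler writes to.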