Question 1: Using too many global variables is generally considered a bad practice.
You have to understand the scope of variables in a script. Say the user requests index.php which includes settings.php and funkystuff.php. Any variables declared in index.php will be accessible in the included files, and any variables declared in those files will be accessible in index.php after the included files are run. They will be erased when index.php finishes; there is no way to make script's life persist beyond a request.
That said, you could declare some constants in settings.php [using define('CONSTANT_NAME', value)] and use them throughout your other scripts.

Question 2: A session is a set of values (session variables) identified by a session ID. The session variables are stored on the server, while the session ID is transmitted with each request somehow; the default method is to use a cookie, while another oft-used method is to use a GET parameter. The cookie option is generally more reliable and secure as it avoids the chance of session hijacking (one user sending a URL containing a session ID to someone else who then inadvertently 'hijacks' their session). You may also wish to check the user's IP address as well as their session ID to further avoid this.

The session variables are never automatically transmitted to the user.