0

I am a newbie to php.

I just learned that you can create a session variable for a user after his login such as

$_SESSION['id']=****some value(say 3)******;

and this session variable is maintained as long as he doesn't log out(i.e. you clear this session variable using session_destroy).

Now , I have a confusion that if another user logs in then won't this id variable be overwritten thus logging the previous user out? If this is true ,then what can I do to resolve it?

Improve this question
0

2 Answers 2

Reset to default
1

PHP sessions are tied to a user by a unique (random) ID string, generated the first time you invoke session_start() for a user. That ID is stored in the client browser as a cookie (or possibly via hidden form fields/query parameters).

Even though $_SESSION is used throughout the code, the CONTENTS of that $_SESSION array are tied to a particular user via that ID string. That means if I hit your site, $_SESSION will contain my details. If you hit your site, $_SESSION will contain your details.

There should be no practical way for my details to "leak" in your session, or vice versa. Destroying my session will not destroy yours, because yours is a completely different session, with a different ID.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

All sessions are tied to a unique session ID. This is typically set inside the user's cookie.

Improve this answer

1 Comment

:So how the server distinguishes id session variable for each user.Does it uses cookies for it by sending it to user automatically,even if we haven't written code to create cookies?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.