1

New to sessions and just wondering if there is any possibility that, if (in our case) two bookings are being processed at the same time, the session variables can get confused.

For example, if user 1 makes a booking, the information stays in sessions while he logs in. Meanwhile another user makes a booking who is already logged in. Is there any chance that the sessions could get confused?

If the answer is yes, would the solution be to have a unique temporary name as part of the session names, a bit like the TMP name in a file upload?

And if so, how to do it?

Many Thanks,

2
  • I'm not so sure, but I think that the server takes care of sessions, so there's no chance for the server to be confused this way. However, I'd also like to know if that's not true. Commented Mar 30, 2011 at 18:30
  • 1
    Are you referring to two users on the same computer? If they are in different browsers then they won't interfere with each other, but it is impossible to have two users in the same browser unless you code your own way. Commented Mar 30, 2011 at 18:31

4 Answers

3

I believe the UID (what PHP assigns as a session ID) is randomly generated off of the server time, so the answer is no. No two people will be assigned the same UID.

1 Comment

It's not because it is random that it's not going to be the same. But there is a test to prevent duplication (i.e. on the second generation, if the generated ID exists, then it tries again until a unique ID is generated.)
0

I don't see how the sessions could get confused. The server generates a unique session id for that user's session. On each page request the user's browser sends the session id to the server and the server validates that it's a valid session.

As long as the session IDs are unique and the user doesn't discover another user's session ID, then there is no room for confusion.

0

Session IDs are essentially just random numbers. It's HIGHLY unlikely, but NOT impossible for two or more users to get the same session ID.

PHP does (I believe) check if there's another session currently using the ID it's just generated. If there's a collision, it'll just generate another one, and keep trying until something "unique" comes up. However, this doesn't prevent the case where:

  1. user A gets session ID 'X'
  2. user A goes away for a while and session 'X' gets expired
  3. user B shows up, and the server generates session ID 'X' again by random chance
  4. user A comes back with their original session X cookie ID and gets user B's session.

Again, given the size of the session ID space, it's very very very unlikely for this to occur. But also again, it's not impossible.

Beyond that, there are cases where broken/misconfigured proxy servers get cookies confused and basically 'cross wires' so that session IDs get mixed up between different users. I remember a case where a mobile operator's gateway did just that, and people on a certain model of smartphone were getting other people's sessions instead of the one they'd been on.

4 Comments

In the third step of your example: I was under the impression that the epoch time was used to generate the random number. If that's true, then step three really can't happen. Put me in my place, sir. :)
PHP doesn't check. Randomness alone is enough to prevent collisions.
@k: Current time is one of the factors, but isn't the only factor. If it was purely a unix timestamp, then any visitors within the same 'second' would get the same ID.
Agreed. I guess it's like a salt?
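
As an added illustration (not code from the thread, and not how PHP's own session handler is implemented), this toy store models steps 1 to 4 of the answer above, using a deliberately tiny 1-byte ID space so that the reuse of an expired ID can be forced, and then estimates the same risk for 128-bit IDs with the birthday approximation. The class, function and parameter names are hypothetical, the scenario data is constructed, and it needs PHP 8.

```php
<?php
// Toy in-memory session store (illustrative; not PHP's session handler).
final class ToySessionStore
{
    private array $sessions = [];   // id => ['data' => ..., 'expires' => ...]
    public int $retries = 0;        // how often a fresh ID hit a live session
    public function __construct(private int $idBytes = 16, private int $ttl = 1440) {}

    // Draw an ID from the CSPRNG; redraw while it belongs to a live session.
    public function create(array $data, int $now): string
    {
        $this->expire($now);
        $id = bin2hex(random_bytes($this->idBytes));
        while (isset($this->sessions[$id])) {
            $this->retries++;
            $id = bin2hex(random_bytes($this->idBytes));
        }
        $this->sessions[$id] = ['data' => $data, 'expires' => $now + $this->ttl];
        return $id;
    }

    public function read(string $id, int $now): ?array
    {
        $this->expire($now);
        return $this->sessions[$id]['data'] ?? null;
    }

    // Expired IDs are forgotten, so the collision check cannot see them.
    private function expire(int $now): void
    {
        $this->sessions = array_filter($this->sessions, fn($s) => $s['expires'] > $now);
    }
}

// Birthday approximation: chance that any two of $n random $bits-bit IDs match.
function collisionProbability(float $n, int $bits): float
{
    return -expm1(-$n * ($n - 1) / 2 ** ($bits + 1));
}

// Constructed scenario with a deliberately tiny 1-byte ID space (256 IDs).
$store = new ToySessionStore(idBytes: 1, ttl: 10);
$oldId = $store->create(['user' => 'A'], 0);          // step 1
for ($i = 0; $i < 256; $i++) {                        // steps 2-3: A expired by t=20
    $store->create(['user' => "B$i"], 20);
}
var_dump($store->read($oldId, 21));                   // step 4: another user's data
printf("redraws needed: %d\n", $store->retries);
printf("128-bit IDs, 1e6 live sessions: p = %.3g\n", collisionProbability(1e6, 128));
```

The collision check keeps live IDs unique even in the 256-value space, but it cannot protect an ID that has already expired, which is why the size of the ID space is what makes the scenario negligible in practice.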
0

Just to extend Marc's answer a bit.

The possibility he is talking about is very similar to the possibility of being killed by a meteorite from space.

So, in practice the answer is NO. You can rely on big numbers like everyone else does.
