Your server can be serving multiple pages at once, they are independent of each other.
For example page1.php could set $var = true and page2.php sets $var = false; Even if they are being executed together there is no conflict because $var in page 1 has nothing to do with $var in page 2.
It’s the same with $_POST. When the user submits the form they are requesting submitted_form.php and posting the form data there. That request is totally separate from another one, that another user might be making to another (or even the same script). It’s the request and script execution that matters, not the particular PHP files involved.
1.) Values get sent when the form is submitted
2.)The values stay in $_POST until the end of the script execution. PHP is stateless, so at the end of every request (when the script finishes) all variables are gone.
When the user hits the send button he is really requesting “Form_1_processed.php”
The input from the form goes to the $_POST array accessed by “Form_1_processed.php” which is the action page in the form.
After php is finished processing it serves the result to the user’s browser. There might or might not be a form in the new page just served.
There might be 100 or 1000 users doing the same thing at the same time but each process is separate (in parallel). But the server has to have a way of knowing who is who so as not to mix them up. This is done by tracking the users with cookies or ids (tokens) in the form.
You had it right the first time. LogInForm.php executes, and sends a form to the browser. That script has finished executing before the user has seen the page, or even had time to think about submitting the form. The page is just in the browser memory and has no link to the PHP script that generated it.
Then they type username/password and submit. This sends a whole new request to LogInProcess.php . It will have $_POST[‘username’] and $_POST[‘password’]. That page can validate the values and redirect as you say. If it redirects the user like this:
Then that will be a brand new request, and again, no POST data.
To persist data you start using sessions.
Once validated (successful login) you’d put the username and password into a session. Session data is stored on the server so that it can persist between requests as the user browses the site. In order for the server to know which session file belongs to which user, the user must pass the session ID with subsequent requests. This almost always happens with a cookie. Cookies are sent to the server automatically with every request (the opposite of how POST works).
So the user will now have a cookie with their unique session ID. Every page they request, they are sending that cookie to the server. The server can then access $_SESSION to find their data. You’ll actually check their login on every private page. Once they are logged in PHP gets the username and PW from the session so the user doesn’t need to submit a form for every page.