PHP session login

If the first user enters their user data and it’s correct…

I set $_SESSION[‘login’] = true;

Will this still be set/true for the next/another user, or will this only be set for that first user?

Depends on how you implemented sessions. But without session_start() nothing would happen at all. Default behavior of the php core session management is to open a new session if no session-id was provided by the client. You could just test this with using multiple browsers.

Session variables, by their definition, only apply to that browser session.

If you’re using a single computer for multiple people, then there is a possibility of session information being retained between users (provided the next user continues the session before the timeout), but otherwise, each session is unique and does not exchange variables with any other session.


So I dont need to create session variables and assign unique ID’s for each user, it is managed automatically?

In that case it should be enough that I start the session and only check if the $ _SESSION [‘login’] variable isset?

But lets say I login to my site from my computer(chrome), then my brother on the same ip(different computer) visits the my site also from chrome… Does that mean that there is a chance that he might get logged in to my account if I ONLY check if session variable is set to true?

No, the session information is passed back and forth by the browser and the server. If the browser shows up without a session key, the server will create a new session identifier and hand it to the browser for future communications.

You can test this yourself, by starting a session with one browser, and then using another browser application to visit the same site.

session_start() handles the negotiation and establishment of the session ID, which is what is used to identify which browser session the user belongs to.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.