Menu
I'm wondering about how the $_SESSION array works. If I have a lot of users using my site do I need to set a subarray for each user? For instance right now I have
$_SESSION['userid'] = $userid; $_SESSION['sessionid'] = $sessionid; $_SESSION['ipaddress'] = $ipaddress; but in order to cope with more users do I need to make a multidimensional array?
$_SESSION[$userid]['sessionid'] = $sessionid; $_SESSION[$userid]['ipaddress'] = $ipaddress; Is the $_SESSION global handled per client or just overall? Will having $_SESSION['userid'] set on login kick the previous user out and instate the latest logged in user?
420
There can be only one at the same time. However, if it's the client, then it's definitely possible to have multiple clients sharing the same session (and inherently also exactly the same logged-in user).
Besides session hijacking, one session is always tied to just one user. Do I have to link the session somehow with the username on login If you don't store which user is using that session, is there any point in having user accounts? @Epodax It is not!
Yes, it's unique to each user.
The answer is "no". You cannot start multiple sessions simultaneously. And if you do, you'll get an error like "A session had already been started". You don't need to start simultaneous sessions, so long you can create multiple keys.
No. There is a seperate $_SESSION created for each user. This is all done by the server, you don't have to worry about it. When writing your code, treat the $_SESSION as if there was only one user on the site.
Edit: Actually, on thinking about it, it is a very good question to ask. It is good to ask these sorts of questions, it means you are seriously thinking about how your code truly works. Keep asking these things, and keep testing. I have a feeling that one day you will be writing some amazing code.
So on that note, here is some info from the apache site:
What is a session?
At the core of the session interface is a table of key and value pairs that are made accessible across browser requests. These pairs can be set to any valid string, as needed by the application making use of the session.
Keeping sessions on the server
Apache can be configured to keep track of per user sessions stored on a particular server or group of servers. This functionality is similar to the sessions available in typical application servers.
If configured, sessions are tracked through the use of a session ID that is stored inside a cookie, or extracted from the parameters embedded within the URL query string, as found in a typical GET request.
And from the PHP docs on Sessions:
Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.
A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
The session support allows you to store data between requests in the $_SESSION superglobal array. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.
178
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
