PHPSESSID same attribution possible?

Question

Is it possible for a webserver to assign a PHPSESSID currently used by another client at the moment of attribution?

Or a check is made before attribution ?

I am little confused by your question. Are you asking if its possible for PHP to assign the same PHPSESSID to multiple clients? — Scott, Jun 28 '16 at 14:37
Most likely this is possible - During a quick look at the code at github I didn't notice any checks to prevent this. However the session id is pretty long which means the odds of this happening are very very small. — user254948, Jun 28 '16 at 14:50

score 0 · Answer 1 · answered Jun 28 '16 at 14:55

0

This ID is generated automatically when you make a session_start.

 session_start();

If you know some ID you can force to assign that to another instance/client, but in my opinion that could be a security risk, I don't recommend you to do that.

answered Jun 28 '16 at 14:55

Willem Franco

854
9
7

score 0 · Answer 2 · answered Jun 28 '16 at 15:26

0

Follow logic should work theoretically:

Close and save current

session_write_close();
Set new session ID

session_id(YOUR_SESSION_ID_HERE);
Run new session

session_start();

answered Jun 28 '16 at 15:26

Rinat

429
5
14

PHPSESSID same attribution possible?

2 Answers2