1

I have been trying to do something like below.

JavaScript

$.ajax({
   url: 'login.php',
   type: 'GET',
   success: function(response) {
      // get token and store in cookie for further requests to other files
   }
});

Login.php

<?php
   // getting $user_id from database again user email and password
   $user_id = "12345"; 

   $_SESSION["user"] = $user_id;

   echo $user_id;
?>

Now as multiple users would be using the app and calling the same login.php passing their email and password, I want to return them their id which they can use to access other resources. I am interested to know if PHP sessions would be different for all users or the same user would overwritten if 2 or more than 2 users login at the same time? I am not sure about PHP session scope.

Umair A.
  • 6,690
  • 20
  • 83
  • 130

1 Answers1

2

They would each have their own unique session. Please make sure you also call session_start() first in your login.php

Authman Apatira
  • 3,994
  • 1
  • 26
  • 33
  • And if I'll call unset($_SESSION["user"]) which one would be destroyed? – Umair A. Dec 20 '11 at 15:38
  • Only the session belonging to the user who's browser resulted in the execution of the script which contains the unset($_SESSION['user']) call =) ! – Authman Apatira Dec 20 '11 at 15:41
  • You believe the cookies aren't being passed with the ajax request? – Umair A. Dec 20 '11 at 15:48
  • Cookies are sent with jQuery AJAX request: http://stackoverflow.com/questions/1041285/does-jquery-send-cookies-in-a-post Please note though, that if you destroy the session, it wont matter what the cookie has unless you've built in additional logic which re-logs in the user based on cookie data. In that case, when you unset the session variable, make sure you just clear the cookie too. – Authman Apatira Dec 20 '11 at 15:53
  • Nice. The response has Set-Cookie: PHPSESSID=tpma2siuboco2h4orakbgln0o7; path=/ and is it stored in cookie behind the scene as well? – Umair A. Dec 20 '11 at 15:55
  • So that right there is a php session id. Session ID is always passed when you call session_start() and you dont have to worry about that. If you clear the username variable, just having the id of the session will not persist the data. For a good concise overview: http://tuxradar.com/practicalphp/10/1/2 – Authman Apatira Dec 20 '11 at 15:57