Issam, posted November 16, 2014 (edited November 16, 2014 by Issam):

Hi, will two or more people sitting on the same local network and sharing the same public IP address have the same session if all of them browse to the same website or the same PHP script that creates a session?

Ch0cu3r, posted November 16, 2014:

No. Sessions are tied to the user by cookies. Each user is assigned a unique session identifier.

Issam, posted November 16, 2014:

Thanks, but how does the server recognize that particular user from the other when both have the same public IP address? How can the cookie identify which one of them it is?

Russia, posted November 17, 2014:

> Thanks, but how does the server recognize that particular user from the other when both have the same public IP address? How can the cookie identify which one of them it is?

Every Ethernet/Wi-Fi card a computer or phone has is assigned a different physical address; I think it grabs data off of that.

Ch0cu3r, posted November 17, 2014:

> How can the cookie identify which one of them it is?

As I said, cookies are used to identify the user. How this works is when you call session_start. It will check to see if an existing session is valid. It will do this by looking to see if a cookie named PHPSESSID exists. It will then retrieve the session id from that cookie and check to make sure the session has not timed out. If the cookie does not exist or the existing session has expired, it will create a new session, and a new PHPSESSID cookie will be issued with a new unique session id. It is this id contained within the PHPSESSID cookie that will identify the user.

Having multiple users from the same network accessing the same site will not result in the same session being used. Each user will have their own unique session. PHP takes no notice of the user's IP address.

Issam, posted November 17, 2014 (edited November 17, 2014 by Issam):

Suppose that in a coffee shop three of us are connected to the same router and sharing the same public IP, so our local network is the following:

User1 : Ch0cu3r
User2 : Russia
User3 : Issam

As far as I know, the only identifier used by PHP to physically identify a machine is its public IP address (before doing session stuff..). So when Russia connects to phpfreaks and authenticates while Issam and Ch0cu3r are not yet authenticated, the server receives a request with its public IP; the packet that the server receives will also contain the local IP of the machine in the local network, to be able to distinguish it from other requests coming from the same public IP. And here is the question that comes up: how to grab the local IP from the packet and use it, especially using PHP? Or does the HTTP protocol interdict extracting local IP addresses?

Psycho, posted November 17, 2014:

Issam,

As was already stated multiple times, the session has nothing to do with the IP address. When you initiate a session, a cookie will be placed on the user's machine that identifies the session ID. So, if one user hits the site and no session ID exists on their PC, then a new one will be created. So, if a second user accesses the site, they will not have the session ID of the first, therefore a new session will be created. (Session IDs can be passed via GET rather than in cookies, but that is not the norm from what I have seen.) So, different PCs behind the same public IP will not share sessions.

But your last question is now asking about how to get the IP address. You can find that in the $_SERVER superglobal, but it is not to be relied upon since it can be spoofed.
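
The cookie lookup that Ch0cu3r and Psycho describe, modelled in plain PHP as an added example (not code posted in the thread and not PHP's internal implementation). `resolveSession()`, `$store` and the cookie jars are hypothetical names, the IP and timestamp are constructed, and the timeout is simplified to a fixed check against PHP's default `session.gc_maxlifetime` of 1440 seconds.

```php
<?php
// Simplified model of what session_start() decides on each request.
// resolveSession() and $store are hypothetical, for illustration only.

const SESSION_TTL = 1440; // seconds; PHP's default session.gc_maxlifetime

function resolveSession(array $cookies, array &$store, string $remoteIp, int $now): string
{
    $id = $cookies['PHPSESSID'] ?? null;

    // Reuse a session only when the cookie carries a known, unexpired id.
    // Note that $remoteIp plays no part in this lookup.
    if (is_string($id) && isset($store[$id])) {
        if ($now - $store[$id]['last_seen'] <= SESSION_TTL) {
            $store[$id]['last_seen'] = $now;
            return $id;
        }
        unset($store[$id]); // timed out: discard the old session data
    }

    // No cookie, unknown id, or expired session: issue a fresh random id.
    $new = bin2hex(random_bytes(16));
    $store[$new] = ['last_seen' => $now, 'seen_from' => $remoteIp];
    return $new;
}

$store = [];
$ip = '203.0.113.10'; // constructed: one public IP shared by all three clients
$t  = 1416182400;     // constructed request time

// Three browsers behind the same router, none holding a cookie yet.
$jars = ['Ch0cu3r' => [], 'Russia' => [], 'Issam' => []];
foreach ($jars as &$jar) {
    $jar['PHPSESSID'] = resolveSession($jar, $store, $ip, $t);
}
unset($jar);

// Russia returns a minute later with the cookie; Issam returns after the timeout.
$again = resolveSession($jars['Russia'], $store, $ip, $t + 60);
$late  = resolveSession($jars['Issam'], $store, $ip, $t + SESSION_TTL + 1);

$distinct = count(array_unique(array_column($jars, 'PHPSESSID')));
printf("distinct session ids issued to one IP: %d\n", $distinct);
printf("Russia keeps the same session: %s\n", $again === $jars['Russia']['PHPSESSID'] ? 'yes' : 'no');
printf("Issam gets a new id after timeout: %s\n", $late !== $jars['Issam']['PHPSESSID'] ? 'yes' : 'no');
```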