Jump to content

Recommended Posts

Thanks, but how the server recognize that particular user from the other while both have the same public ip address ? how cookie can identify which one of them ?

every ethernet/wifi card a computer or phone has is assigned a different physical address, i think it grabs data off of that.

Link to comment
https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496774
Share on other sites

 

 

how cookie can identify which one of them ?

As I said cookies are used to identify the user.

 

How this works is you when call session_start.

 

It will check to see if an existing session is valid. It will do this by looking to see if a cookie named PHPSESSID exists. It will then retrieve the session id from that cookie and check to make sure the session has not timed out.

If the cookie does not exist or the existing session has expired it will create a new session and a new PHPSESSID cookie will be issued with a new unique session id.

 

It is this id contained within the PHPSESSID cookie that will identify the user.

 

Having multiple users from the same network accessing the same site will not result in the same session being used. Each user will have their own unique session. PHP takes no notice of the users IP address.

Link to comment
https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496800
Share on other sites

Suppose that in a coffee shop we are three connected to the same router and sharing the same public ip, so our local network is the following :

 

User1 : Ch0cu3r

User2 : Russia

User3 : Issam

 

As far as i know, the only identifier used by php to physically identify a machine is ny its public ip address (before doing session stuff..). So when Russia connects to phpfreaks and authenticate while Issam and Ch0cu3r are not yet authenticated, so the server receive a request with its public ip, the packet that the server receive will also contain the local ip of the machine in the local network to be able to distinguish it from other requests coming from the same public ip. And here the question that come to ask, how to grab the local ip from the packet and use it especially using php ? or the http protocol interdict extracting local ip addresses ?

Edited by Issam
Link to comment
https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496808
Share on other sites

Issam,

 

As was already stated multiple times, session has nothing to do with IP address. When you initiate a session a cookie with be placed on the user's machine that identifies the session ID. So, if one users hits the site and no session ID exists on their PC, the a new one will be created. So, if a second user accesses the site, they will not have the session ID of the first, therefore a new session will be created. (Session IDs can be passed via GET rather than in cookies, but that is not the norm from what I have seen).

 

So, different PCs behind the same public IP will not share sessions. But, you last question is now asking about how to get the IP address. You can find that in the $_SERVER super global, but it is not to be relied upon since it can be spoofed.

Link to comment
https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496811
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.