Issam Posted November 16, 2014 Share Posted November 16, 2014 (edited) Hi, is two people or more sitting on the same local network and sharing the same public ip address will have the same session if they browse all of them into the same website or same php script that create session ? Edited November 16, 2014 by Issam Quote Link to comment https://forums.phpfreaks.com/topic/292508-php-sessions/ Share on other sites More sharing options...
Ch0cu3r Posted November 16, 2014 Share Posted November 16, 2014 No. Sessions are tied to the user by cookies. Each user is assigned a unique session identifier. Quote Link to comment https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496763 Share on other sites More sharing options...
Issam Posted November 16, 2014 Author Share Posted November 16, 2014 Thanks, but how the server recognize that particular user from the other while both have the same public ip address ? how cookie can identify which one of them ? Quote Link to comment https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496765 Share on other sites More sharing options...
Russia Posted November 17, 2014 Share Posted November 17, 2014 Thanks, but how the server recognize that particular user from the other while both have the same public ip address ? how cookie can identify which one of them ? every ethernet/wifi card a computer or phone has is assigned a different physical address, i think it grabs data off of that. Quote Link to comment https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496774 Share on other sites More sharing options...
Ch0cu3r Posted November 17, 2014 Share Posted November 17, 2014 how cookie can identify which one of them ? As I said cookies are used to identify the user. How this works is you when call session_start. It will check to see if an existing session is valid. It will do this by looking to see if a cookie named PHPSESSID exists. It will then retrieve the session id from that cookie and check to make sure the session has not timed out. If the cookie does not exist or the existing session has expired it will create a new session and a new PHPSESSID cookie will be issued with a new unique session id. It is this id contained within the PHPSESSID cookie that will identify the user. Having multiple users from the same network accessing the same site will not result in the same session being used. Each user will have their own unique session. PHP takes no notice of the users IP address. Quote Link to comment https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496800 Share on other sites More sharing options...
Issam Posted November 17, 2014 Author Share Posted November 17, 2014 (edited) Suppose that in a coffee shop we are three connected to the same router and sharing the same public ip, so our local network is the following : User1 : Ch0cu3r User2 : Russia User3 : Issam As far as i know, the only identifier used by php to physically identify a machine is ny its public ip address (before doing session stuff..). So when Russia connects to phpfreaks and authenticate while Issam and Ch0cu3r are not yet authenticated, so the server receive a request with its public ip, the packet that the server receive will also contain the local ip of the machine in the local network to be able to distinguish it from other requests coming from the same public ip. And here the question that come to ask, how to grab the local ip from the packet and use it especially using php ? or the http protocol interdict extracting local ip addresses ? Edited November 17, 2014 by Issam Quote Link to comment https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496808 Share on other sites More sharing options...
Psycho Posted November 17, 2014 Share Posted November 17, 2014 Issam, As was already stated multiple times, session has nothing to do with IP address. When you initiate a session a cookie with be placed on the user's machine that identifies the session ID. So, if one users hits the site and no session ID exists on their PC, the a new one will be created. So, if a second user accesses the site, they will not have the session ID of the first, therefore a new session will be created. (Session IDs can be passed via GET rather than in cookies, but that is not the norm from what I have seen). So, different PCs behind the same public IP will not share sessions. But, you last question is now asking about how to get the IP address. You can find that in the $_SERVER super global, but it is not to be relied upon since it can be spoofed. Quote Link to comment https://forums.phpfreaks.com/topic/292508-php-sessions/#findComment-1496811 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.