How do sessions track more than one user

Question

Sorry this is probably a beginners question. If I'm using $_SESSION variables how does the server track more than one user/reference them e.g. Say John has logged on $_SESSION['username']="John" how would system reference Peter and James who have also logged on because you cannot have $_SESSION['username']="Peter" and $_SESSION['username']="James" as they would over write each other?

I'm probably missing something simple here.

Answer 1

@user2976086

$_SESSION is precisely what keeps users apart for the php server. Each time session_start is called, php server creates a new client session(if such is not already started) which usually results in a cookie named PHPSESSID being created in your browser. On server side, the php server creates, let's say, a unique $_SESSION array for each unique session id(stored in the cookie, only one per browser). That is why you can only log in with one user per browser(you can log in with 2 accounts simultaneously to most sites using firefox and chrome for example as a cookie is created for each browser). That is why u can not "overwrite" $_SESSION['username'] with different user unless you log out in that browser window causing session_destroy to be called or remove the cookie containing sessionid for current user.

try reading: http://www.php.net/manual/en/session.security.php