PHP - $_Session

Question

i have a simple question about the session in php.

If i have a web-server and i use a session like

$_SESSION['user_login'] = 1;

this session is shared also with the other users ?
I mean:

IF user A is doing a login his session has 1;
Now user B is doing a login and his session has 1

So:

userA--->Session=1
userB--->Session=1

Now userA do a logout and i destroy the session with
unset($_SESSION['user_login']);

The question is:
the session of userB is still at 1?? or also his session is finished?
i don't understand if the session are on the stack of every thread or are shared with every threads.

Answer 1

In PHP sessions are per user. Each user is assigned a unique session ID to identify their session. Only a user who has that session ID can then access the session information associated with it.

From the manual:

A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.

The session support allows you to store data between requests in the $_SESSION superglobal array. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.

See session hijacking to see how another malicious user can hijack another user's session.