Reputation: 177
I am getting confused about how the $_SESSION variable should be used. So far I learned it is used to store temporary data; for example, if a user logs in I can set some session variables to be able to tell that he/she is logged in. Now my problem is: should I create a session for each user and destroy it when the user logs out, or use just one session for all the users?
I am having this doubt because I found these "guidelines" http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL and to log out the users they do:
include_once 'functions.php';
sec_session_start();
// Unset all session values
$_SESSION = array();
// get session parameters
$params = session_get_cookie_params();
// Delete the actual cookie.
setcookie(session_name(),
          '', time() - 42000,
          $params["path"],
          $params["domain"],
          $params["secure"],
          $params["httponly"]);
// Destroy session
session_destroy();
header('Location: ../index.php');
exit; // stop the script so nothing runs after the redirect header is sent
But isn't this code deleting all the values stored in the $_SESSION variable, and therefore all the other users' logins?
Upvotes: 0
Views: 372
Reputation: 684
It's a good practice to use a call to session_regenerate_id(true); when a user logs in or logs out (or any time their auth* level changes, really). This restarts the session with a new ID and copies over all the contents. This can help prevent session fixation if an attacker happens to pull their cookies through an XSS in another, non-logged-in part of the site.
Additionally, it's best if you can use "HTTP only" cookies and HTTPS (secure) too, if you run an HTTPS site.
Upvotes: 0
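The following is an added example, not code from the question, the answers, or the wikihow guide: a pair of login/logout helpers that apply the advice above (HttpOnly and Secure cookie flags, a fresh session ID when the authentication level changes, and the logout sequence from the question). The user lookup, `lookupPasswordHash()`, is a constructed stand-in for a database query; the SameSite setting and the array form of `session_set_cookie_params()` need PHP 7.3 or later.

```php
<?php
// Added example (not from the question or the answers): session handling for
// login and logout. lookupPasswordHash() is a stub standing in for a DB query.

function sec_session_start(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Cookie flags: HttpOnly keeps script from reading PHPSESSID, Secure keeps
    // it off plain HTTP, SameSite=Lax blunts cross-site request forgery.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'domain' => '',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1');  // reject IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never accept an ID from the URL
    session_start();
}

function login(string $username, string $password): bool {
    sec_session_start();
    $hash = lookupPasswordHash($username);
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // The auth level just changed: issue a new ID so an ID planted before login
    // (session fixation) becomes worthless. true also deletes the old session file.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    $_SESSION['login_time'] = time();
    return true;
}

function logout(): void {
    sec_session_start();
    $_SESSION = array();                  // clears this browser's values only
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();                    // removes the server-side store for this ID only
    header('Location: /index.php');
    exit;                                 // nothing must run after the redirect
}

function lookupPasswordHash(string $username): ?string {
    // Constructed stand-in for a database lookup (demo data only).
    $users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
    return $users[$username] ?? null;
}
```

`session_set_cookie_params()` has to run before `session_start()`, which is why the flags live in `sec_session_start()`; calling `session_regenerate_id(true)` after a successful `password_verify()` is the step that ties the new ID to the newly raised privilege level.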
Reputation: 4502
Every user (user in terms of browser) on your website gets his own session and therefore, in a sense, his own $_SESSION variable.
You can check your cookies on your website: there is usually one called PHPSESSID with a unique identifier for each user/browser. The session data is stored on the server, and only if you have the right session ID do you get the values in the $_SESSION var.
Now if you destroy this variable for one user, only his data is gone; the data of all other users is still there and accessible to them.
Upvotes: 1
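The following is an added example, not part of the answer: a command-line script that makes the point above visible by opening two sessions with hand-picked IDs (`demoalice123` and `demobob456`, constructed for the demo) one after the other, destroying one of them, and reopening the other. It disables `session.use_strict_mode` only so the script can choose its own IDs; a real web application should leave strict mode on.

```php
<?php
// Added example (not from the answer): session data is keyed by session ID on
// the server, so destroying one session leaves every other session intact.
// Run from the CLI: php session_isolation.php
ini_set('session.use_cookies', '0');      // CLI has no browser; IDs are set by hand below
ini_set('session.use_strict_mode', '0');  // demo only: lets us pick IDs; keep it '1' in production
ini_set('session.save_path', sys_get_temp_dir());

function openSession(string $id): void {
    session_id($id);      // must be set before session_start()
    session_start();
}

function closeSession(): void {
    session_write_close(); // flush $_SESSION to the server-side store for this ID
}

$alice = 'demoalice123'; // constructed IDs for the demonstration
$bob   = 'demobob456';

// Alice logs in: her values go into the store for ID demoalice123.
openSession($alice);
$_SESSION['user'] = 'alice';
closeSession();

// Bob's session is a different store: Alice's value is not there.
openSession($bob);
echo 'Bob sees user: ', var_export($_SESSION['user'] ?? null, true), PHP_EOL; // NULL

// Bob "logs out" exactly as in the question: clear the array, destroy the store.
$_SESSION = array();
session_destroy();

// Alice's store was untouched by Bob's logout.
openSession($alice);
echo 'Alice still sees user: ', var_export($_SESSION['user'] ?? null, true), PHP_EOL; // 'alice'
closeSession();
```

`$_SESSION` is just the in-memory view of whichever store `session_start()` loaded for the current ID; `session_destroy()` deletes that one store, which is why the logout code in the question affects only the browser that sent the cookie.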