Reputation: 1316
How does a PHP script handle session vars if it gets two cookies with PHPSESSIDs? Does it populate $_SESSION with vars from the first PHPSESSID or from the last one? Or does it just merge them?
Upvotes: 0
Views: 165
Reputation: 4421
$_COOKIE is an associative array, and the session cookie value would be parsed to that, so the last one wins. However, since browsers update the cookie when a "Set-Cookie" header is sent from the server, the only real reason for this is probably client-side tampering.
Upvotes: 1
Reputation: 655229
There can only be one active session. And it’s the first session ID that has been found in either $_COOKIE, $_GET or $_POST whose name matches the current session.name value.
Upvotes: 0
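An added example, not part of either answer above: instead of depending on which duplicate PHP's parser keeps, the raw Cookie header can be checked for conflicting session IDs before session_start() is called. The function names and the sample header are constructed for illustration; the check assumes the default session.name of PHPSESSID unless session_name() says otherwise.

```php
<?php
declare(strict_types=1);

/**
 * Return every value sent for $name in a raw Cookie header, in header order.
 * (Hypothetical helper; it reads the header itself, not $_COOKIE.)
 */
function cookie_values(string $rawHeader, string $name): array
{
    $values = [];
    foreach (explode(';', $rawHeader) as $pair) {
        $parts = explode('=', ltrim($pair), 2);
        if (count($parts) === 2 && rtrim($parts[0]) === $name) {
            $values[] = urldecode($parts[1]);
        }
    }
    return $values;
}

/**
 * True when the request carries more than one distinct value for the
 * session cookie, i.e. the session ID is ambiguous.
 */
function has_conflicting_session_cookies(string $rawHeader, string $sessionName): bool
{
    return count(array_unique(cookie_values($rawHeader, $sessionName))) > 1;
}

// Constructed sample header, used only when no real request header exists (CLI run).
$sample = 'PHPSESSID=aaaa1111; theme=dark; PHPSESSID=bbbb2222';
$raw    = $_SERVER['HTTP_COOKIE'] ?? $sample;
$name   = session_name(); // "PHPSESSID" unless session.name was changed

if (has_conflicting_session_cookies($raw, $name)) {
    // Ambiguous session ID: log it and refuse the request instead of
    // letting parse order decide which session gets loaded.
    error_log('Conflicting ' . $name . ' cookies: ' . count(cookie_values($raw, $name)));
    http_response_code(400);
    echo "Conflicting session cookies\n";
    exit;
}

session_start();
// For comparison, this is the single value PHP itself kept for the request.
echo 'Session cookie seen by PHP: ' . ($_COOKIE[$name] ?? '(none)') . "\n";
```

Run from the command line, the script takes the constructed header and stops at the 400 branch; served over HTTP with a single session cookie, it starts the session and prints the value PHP kept.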