in my implementation, when I login, I create a session:
require_once ('connect.php');
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn -> connect_errno) {
echo "Failed to connect to MySQL: " . $conn -> connect_errno;
exit();
}
$stmt = $conn->prepare("SELECT * FROM xx where email =?");
$stmt -> bind_param('s', $checkEmail);
$stmt -> execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
if ($result -> num_rows ==1) {
if ($row['registration_status'] != "Active") {
session_start();
$_SESSION['error'] = "<b>This user name is deactivated. <br> Please create a new account.</b><span>";
header("Location: http://www.aminvestments.rs/last/registration.php"); /* Redirect browser */
exit();
}
elseif (password_verify($checkPwd, $row['password'])) {
session_start();
$_SESSION['mail'] = $row['email'];
$_SESSION['registration_type'] = $row['registration_type'];
$_SESSION['consentemail'] = $row['emailupdate'];
$_SESSION['start_activity']=time();
header("Location: http://www.xxxxx/index.php?".$_COOKIE[PHPSESSID]); /* Redirect browser */
exit();
}
else{
session_start();
$_SESSION['error'] = "<b>This user name or password combination does not exist. <br> Please try again.</b><span>";
header("Location: http://www.xxx/registration.php"); /* Redirect browser */
exit();
}}}
$stmt -> close();
$conn->close();
?>
all seems working fine. my doubt is the following: the sessions are stored on the server-side, in fact, if I log in, let's say from firefox, and then, I open another firefox tab, the session is provided automatically (magic of php...). but... if i open my site again from chrome, i can login with different user, and provide a different session. Now, the question is: how php knows that? it saves also the browser from where I am logging in?
