I have been reading about session cookies and have a few questions.
How does the browser/server pass the session id between pages? Especially if it is not part of the URL. I understand how http://www…com/?.. works. Do I have to manually add $_SESSION[‘blah’] = blah2 for each varible, including the id? Or would I have to have a hidden input in my form? Or is it automatic?
Another question I have is how the server determines the difference between one user and another who have sessions opened at the same time. If one user had an id of 123 and another has 456, what stops the second from using the first and vice versa, or a third person from using one of the other id’s? Is there any security behind this (maybe IP or MAC)?