sumeet wrote:One more thing i wanna add here is that the session id generated by PHP is not secure ..
It can be. You misunderstand how the function works.
sumeet wrote:
as if i opened two logins in diff tabs of firefox it generated same id .. can anyone explain me y it is so ??
Yes, because you misunderstand tabs and the nature of authentication.
In simple terms, you login to a site. Once you do, you've established a session with the server.
All subsequent tabs inherit that session. If you open a new tab, thats still "you", and it still has that session. Thats not insecure. If your app correctly destroys a session before creating a new one, the second tab would end up with a new session, and the first tab would have an invalid session.
If your app isnt destroying a session before creating a new one, thats an application/coding error.
Tabs are meant to share/reuse/inherit the authentication from the previous tab - otherwise every tab you opened would require you to relogin, which would be incredibly obnoxious and useless.