I am a php newbie and am going through the code of retwis as redis tutorial. While going through the code, I ran into following piece of snippet
function isLoggedIn() {
global $User, $_COOKIE;
if (isset($User)) return true;
if (isset($_COOKIE['auth'])) {
$r = redisLink();
$authcookie = $_COOKIE['auth'];
if ($userid = $r->hget("auths",$authcookie)) {
if ($r->hget("user:$userid","auth") != $authcookie) return false;
loadUserInfo($userid);
return true;
}
}
return false;}
function loadUserInfo($userid) {
global $User;
$r = redisLink();
$User['id'] = $userid;
$User['username'] = $r->hget("user:$userid","username");
return true;}
So what the code is doing here is that, when a user opens say index.php, we call isLoggedIn, if the user satisfied the authentication then we load the user info (id and username) in the global $User variable and use it other php pages to display information much like session variables.
My question how is this use of global variable correct? Are not global variable shared across the application(for multiples users)? If lets say user1 logs in and we set $User with user1 credential and then user2 logs in, wont then the $User variable be changed/overriden with data of user2 and show incorrect data for user1? But in application everything is working fine, Can anyone explain to me what I am doing wrong?