are session variables in php confidential -

suppose if store query of url using $_get['query'] , convert session variable $_session['var'] , post on webpage if have different queries different people see same or different query? if same person using different queries same or different one?

anything store in $_session specific session , nothing in $_session directly accessible user, accessible if make accessible, instance echo. however, sessions identified session identifier (also called sid) passed , forth between server , user (usually in cookie, in query string in url).

session hijacking occurs when other person initiated session gets hold of sid , able make request using same session. in case, have access legitimate user has access to. in case, no not confidential. there lots of ways protect against session hijacking, best being use secure connections (https). that's different question.

what person sees depends on how you're presenting it. showing sample code clarify things. instance, if do:

<?php session_start(); if(isset($_session["query"])) {     echo $_session["query"]; } $_session["query"] = $_get["query"]; ?> 

then user see query sent last request.

honestly, sounds you're little confused on what query , session is. if can clarify you're trying do, , if can provide sample code, might able more.