I know that the chance of duplication of Session ID is extremely rare. But still, I was pondering over the consequences of it.
I thought about a situation where the session ID is used to store the 'user ID' and 'logged in' state of a user. So, if by chance a session ID got duplicated then a person might get access to someone else's dashboard if the 'logged in' state of session ID was true.
I don't have a clear idea if this situation could occur. Please clarify on the same.
It is not very likely or probable that you will generate two equal session IDs, though of course this will depend on the algorithm that was used to generate the IDs.
A session ID would normally be generated based on a number of factors unique to the user, including IP and time generated, further reducing the chances of a duplicate occurring.
But to further safeguard, you could tie the session ID to the user's location or IP to further guard against the slim chance of a duplicate.
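An added example, not part of the question or the answer above: it estimates the chance of a duplicate with the birthday bound and shows a store that refuses to issue an ID already in use, so a collision never attaches a second user to an existing logged-in session. It assumes IDs come from Python's `secrets` CSPRNG rather than being derived from IP and time; `collision_probability`, `SessionStore` and `id_source` are hypothetical names.

```python
import math
import secrets


def collision_probability(n_sessions: int, id_bits: int) -> float:
    """Birthday-bound estimate that any two of n uniformly random IDs are equal.

    P ~= 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny values.
    """
    exponent = -n_sessions * (n_sessions - 1) / 2.0 ** (id_bits + 1)
    return -math.expm1(exponent)


class SessionStore:
    """Hypothetical in-memory store. A shared backend would need an atomic
    insert-if-absent instead of the check-then-set used here."""

    def __init__(self, id_bytes: int = 16, id_source=secrets.token_hex):
        self.id_bytes = id_bytes      # 16 bytes = 128 bits of randomness
        self.id_source = id_source    # injectable so a collision can be simulated
        self._sessions = {}

    def create(self, user_id, max_attempts: int = 5) -> str:
        for _ in range(max_attempts):
            sid = self.id_source(self.id_bytes)
            if sid not in self._sessions:
                # Only a fresh ID is bound to this user's state.
                self._sessions[sid] = {"user_id": user_id, "logged_in": True}
                return sid
            # Duplicate ID: discard it and draw again rather than reuse it.
        raise RuntimeError("could not allocate a unique session ID")

    def lookup(self, sid):
        return self._sessions.get(sid)


if __name__ == "__main__":
    # Constructed figures: one million live sessions at two ID sizes.
    for bits in (32, 64, 128):
        print(bits, "bits:", collision_probability(10**6, bits))

    # Constructed ID sequence that forces a duplicate on the second login.
    fake_ids = iter(["aa", "aa", "bb"])
    store = SessionStore(id_source=lambda nbytes: next(fake_ids))
    print(store.create("alice"), store.create("bob"))
```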