you are over complicating it.
the login works like this:
you enter the user name and password to the login form.
the database is queried to look for a record with the username and password you enter. If the username and login is found, the ID for that record is stored in a session variable.
so your thinking of storing 2 session variables, wouldn't solve anything, the one session is the result of the 2 values (username and password) being found in the database.
Session Variables are not stored in cookies, they are accessible by the server only. A session is terminated on the following:
User Logs Out
User Closes the web browser ( This includes restarting the computer)
Server Times out - if the user is not active on the site for a certain amount of time, the session is terminated.