If I initiate a REST authentication request 

$url = SFDC_LOGIN_URI."/services/oauth2/authorize?response_type=code&client_id=$id&redirect_uri=".urlencode(SFDC_CALLBACK_URI);

header("Location: ". $url); 

When SFDC invokes my callback page I get a code.  

Question is; If I have multiple users in my application invoking the code above.  Is it possible to match up each authentication request with the callback response that SFDC provides?

I tried appending a session Id to the redirect_uri in my code but SFDC throws an error that the URI did not match.