Is 'openai-ephemeral-user-id' unique per Custom GPT?

Basically if you think about it all actions are based on this header provided automatically from OpenAI which changes every 24 hours. However if for the same logged-in user, for some Custom GPT A and another Custom GPT B the correspondings actions are provided with the same ‘openai-ephemeral-user-id’, then this means that the custom GPT that you have access (e.g. Custom GPT A) can retrieve this information and use it maliciously in Custom GPT B. Which is a critical security issue.


According to my experimentation, HTTP_OPENAI_EPHEMERAL_USER_ID is unique per custom GPT.

I am able to get the same user ID on different chats with the same custom GPT however when the same user messages and other custom GPT the ID is different.

I could not confirm when it changes precisely yet.