is PHPSESSID variable unique?

Anonymous · Aug 4, 2005

hi everbody?
i worry about that how is PHPSESSID variable will be generated?
random or time-dependent?
i mean time-dependent that somewhere i saw that ex;
$phpsesid = random(microtime()); like this, this code not true at all.
do you share me your knowlegde about this?

gesf · Aug 5, 2005

Session IDs look like some md5 hash, but don't know how it is created... it doesn't matter!
That code just shows you that you can create a different session ID.
Example:

Code:

<?php

$my_sess_id = 'dwfwfan_' . time();
session_id($my_sess_id);

// Now you have your own session ID!

?>

Of course this is not that secure, 'cause it must be unique and this one can fail!

Alexej Kubarev · Aug 5, 2005

php session id IS unique however php session id spoofing might be performed. therefore i am advising everyone to take a look at http://www.phpsec.org A php security consorium: the have some very usefull information on how to secure your applications.

To secure yourself from session id spoofing: use session_regenerate_id();

is PHPSESSID variable unique?

Anonymous

Guest

gesf

New member

Alexej Kubarev

New member