Page 1 of 1

Sessions... SID... ???

Posted: Sat Jul 19, 2003 3:26 am
by patnet2004
im new to php and im just now getting into sessions and i have a few questions that my book doesn't answer directly...

when i call session_start() it makes a const named "SID", right?

so this SID is totally unique?

and the only way it would ever be reused is if i call the session_destroy() function?

Posted: Sat Jul 19, 2003 4:32 am
by Fredix
yes, once a sid is a assigned it would not be given to a second person until you either destroy it or until it expires.

as far as I know there is only one problem with session ids: they might be guessed by chance and then a second person is handled like the first one and this is a security risc. But i think this is nearly impossible