If I use PHP's native /tmp session management, will PHP check the /tmp folder after every random PHPSESSID generation to make sure it did not just generate a PHPSESSID identical to an existing one?
I realize the chances of two exact session id's being generated are extremely miniscule but I'm wondering if PHP bothers with this check at all or does it rely solely on the low probability of such event ever occuring.
Thanks.
Generated session id collisions possible?
Moderator: General Moderators
- Ollie Saunders
- DevNet Master
- Posts: 3179
- Joined: Tue May 24, 2005 6:01 pm
- Location: UK
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
- Contact:
Re: Generated session id collisions possible?
who would bother better than PHP? rely on PHP buddy after all we code using it.mu-ziq wrote:If I use PHP's native /tmp session management, will PHP check the /tmp folder after every random PHPSESSID generation to make sure it did not just generate a PHPSESSID identical to an existing one?
I realize the chances of two exact session id's being generated are extremely miniscule but I'm wondering if PHP bothers with this check at all or does it rely solely on the low probability of such event ever occuring.
Thanks.
AFAIK, yes it does check.
However it is recommended you use your own session storage solution, especially if using a shared host. Still use session_start() et al, but invoke the session_set_save_handler function, to invoke your own implementation of a session handler to redirect the data to a better location. Your Database, for example.
However it is recommended you use your own session storage solution, especially if using a shared host. Still use session_start() et al, but invoke the session_set_save_handler function, to invoke your own implementation of a session handler to redirect the data to a better location. Your Database, for example.