Generated session id collisions possible?

mu-ziq
Forum Newbie
Posts: 11
Joined: Fri Jul 08, 2005 9:42 pm

Generated session id collisions possible?

Post by mu-ziq »

If I use PHP's native /tmp session management, will PHP check the /tmp folder after every random PHPSESSID generation to make sure it did not just generate a PHPSESSID identical to an existing one?

I realize the chances of two exact session IDs being generated are extremely minuscule, but I'm wondering if PHP bothers with this check at all or does it rely solely on the low probability of such an event ever occurring.

Thanks.
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Never heard of a session id collision. I doubt it is possible.
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK

Re: Generated session id collisions possible?

Post by raghavan20 »

mu-ziq wrote: If I use PHP's native /tmp session management, will PHP check the /tmp folder after every random PHPSESSID generation to make sure it did not just generate a PHPSESSID identical to an existing one?

I realize the chances of two exact session IDs being generated are extremely minuscule, but I'm wondering if PHP bothers with this check at all or does it rely solely on the low probability of such an event ever occurring.

Thanks.
Who would bother better than PHP? Rely on PHP, buddy; after all, we code using it.
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

AFAIK, yes it does check.

However, it is recommended you use your own session storage solution, especially if using a shared host. Still use session_start() et al, but invoke the session_set_save_handler function, to invoke your own implementation of a session handler to redirect the data to a better location. Your database, for example.