At 19:50 12.03.2003, Mathieu Dumoulin spoke out and said: --------------------[snip]-------------------- >Hi, i'd like to know how PHP determines what session_id to hand out to >users. > >Is it based on some real value like the browser and the ip address? an >incremental number? I want to make sure that it doesnt provide two same >session id for the different users at the same time. --------------------[snip]--------------------
{php_source_directory}/ext/session/session.c this has it all - look for _php_create_id(). Basically it generates an MD5 digest from the current secs and usecs (system time) and a pseudo-random number (see php_combined_lcg() in standard/lcg.c). If an entropy file is available (usually on unix systems) it uses the entropy to further randomize the digest. In a final step the digest is converted to a hex string. -- >O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php