At 19:50 12.03.2003, Mathieu Dumoulin spoke out and said:
--------------------[snip]--------------------
>Hi, i'd like to know how PHP determines what session_id to hand out to
>users.
>
>Is it based on some real value like the browser and the ip address? an
>incremental number? I want to make sure that it doesnt provide two same
>session id for the different users at the same time.
--------------------[snip]--------------------
{php_source_directory}/ext/session/session.c
this has it all - look for _php_create_id().
Basically it generates an MD5 digest from the current secs and usecs
(system time) and a pseudo-random number (see php_combined_lcg() in
standard/lcg.c). If an entropy file is available (usually on unix systems)
it uses the entropy to further randomize the digest. In a final step the
digest is converted to a hex string.
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
