At 14:20 16.03.2003, Peter Goggin said: --------------------[snip]-------------------- >Is the value returned by session_id (), called after session_star() always a >unique string? >The results of several trials gave me: >6f88d2d3fd7d0d47aea1e45087368adc >3cc2c1b299fcaa6f4fd107683d78a00c >115e8da118af1c5d88d6db1c1481077a >26dda220f9d64de593ce2f2de6b4bb6e >26dda220f9d64de593ce2f2de6b4bb6e > >i.e. every time i started a new session I got a unique string, while the >string remained the sme within the same session. --------------------[snip]--------------------
That's exactly how it should be. The session ID is the unique key to the session private data, and is passed between client and server either via cookie, or via request parameter, whatever is necessary (PHP can determine this automatically). The key is supposed to be unique on a single server. It is derived by calculating a random value, starting with the current systems sec/usec, and a random number. If an external entropy source is available the resulting ID is further randomized using this entropy. Finally it is converted to a hex string. (If you're interested in the actual code to accomplish this, you may find it in {php_source_directory}/ext/session.c, _php_create_id(), and {php_source_directory}/ext/standard/lcg.c, php_combined_lcg()). -- >O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php