At 14:20 16.03.2003, Peter Goggin said:
--------------------[snip]--------------------
>Is the value returned by session_id (), called after session_star() always a
>unique string?
>The results of several trials gave me:
>6f88d2d3fd7d0d47aea1e45087368adc
>3cc2c1b299fcaa6f4fd107683d78a00c
>115e8da118af1c5d88d6db1c1481077a
>26dda220f9d64de593ce2f2de6b4bb6e
>26dda220f9d64de593ce2f2de6b4bb6e
>
>i.e. every time i started a new session I got a unique string, while the
>string remained the sme within the same session.
--------------------[snip]--------------------
That's exactly how it should be. The session ID is the unique key to the
session private data, and is passed between client and server either via
cookie, or via request parameter, whatever is necessary (PHP can determine
this automatically).
The key is supposed to be unique on a single server. It is derived by
calculating a random value, starting with the current systems sec/usec, and
a random number. If an external entropy source is available the resulting
ID is further randomized using this entropy. Finally it is converted to a
hex string. (If you're interested in the actual code to accomplish this,
you may find it in {php_source_directory}/ext/session.c, _php_create_id(),
and {php_source_directory}/ext/standard/lcg.c, php_combined_lcg()).
--
>O Ernest E. Vogelsinger
(\) ICQ #13394035
^ http://www.vogelsinger.at/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
