#2 16.08.06 19:21
Re: [php] session_id
Hi,
If you are dealing with non-PHP built-in sessions, here is the way to always generate a unique session id. The function uniqid generates a session id which is based on the timestamp down to the microsecond. Then a random component is added to it, making it unique beyond one microsecond. Take the md5 of the session id and you get a 128-bit (32 chars) session id that can be directly transported in URLs etc.
$sessionid=md5(uniqid(rand(1000000,9999999), true));
This is what we use and never have had problems!
Cheers, Juha
#10 17.08.06 10:46
Re: [php] session_id
Did I give bad advice?
P.S.
php manual wrote:
If you need a unique identifier or token and you intend to give out that token to the user via the network (i.e. session cookies), it is recommended that you use something along these lines.
Code:
$token = md5(uniqid("")); // no prefix
$better_token = md5(uniqid(rand(),1)); // better, harder to crack
This will create a 32-character identifier (a 128-bit hex number) that is very hard to guess.
#11 17.08.06 11:00
#12 17.08.06 13:23
Re: [php] session_id
Taken from the php5 sources
Code: cpp:
PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS)
{
    PHP_MD5_CTX md5_context;
    PHP_SHA1_CTX sha1_context;
    unsigned char digest[21];
    int digest_len;
    int j;
    char *buf;
    struct timeval tv;
    zval **array;
    zval **token;
    char *remote_addr = NULL;

    gettimeofday(&tv, NULL);

    if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **) &array) == SUCCESS &&
        Z_TYPE_PP(array) == IS_ARRAY &&
        zend_hash_find(Z_ARRVAL_PP(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **) &token) == SUCCESS) {
        remote_addr = Z_STRVAL_PP(token);
    }

    buf = emalloc(100);

    /* maximum 15+19+19+10 bytes */
    sprintf(buf, "%.15s%ld%ld%0.8f", remote_addr ? remote_addr : "",
            tv.tv_sec, tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10);

    switch (PS(hash_func)) {
    case PS_HASH_FUNC_MD5:
        PHP_MD5Init(&md5_context);
        PHP_MD5Update(&md5_context, buf, strlen(buf));
        digest_len = 16;
        break;
    case PS_HASH_FUNC_SHA1:
        PHP_SHA1Init(&sha1_context);
        PHP_SHA1Update(&sha1_context, buf, strlen(buf));
        digest_len = 20;
        break;
    default:
        php_error_docref(NULL TSRMLS_CC, E_ERROR, "Invalid session hash function");
        efree(buf);
        return NULL;
    }

    if (PS(entropy_length) > 0) {
        int fd;

        fd = VCWD_OPEN(PS(entropy_file), O_RDONLY);
        if (fd >= 0) {
            unsigned char rbuf[2048];
            int n;
            int to_read = PS(entropy_length);

            while (to_read > 0) {
                n = read(fd, rbuf, MIN(to_read, sizeof(rbuf)));
                if (n <= 0) break;

                switch (PS(hash_func)) {
                case PS_HASH_FUNC_MD5:
                    PHP_MD5Update(&md5_context, rbuf, n);
                    break;
                case PS_HASH_FUNC_SHA1:
                    PHP_SHA1Update(&sha1_context, rbuf, n);
                    break;
                }
                to_read -= n;
            }
            close(fd);
        }
    }

    switch (PS(hash_func)) {
    case PS_HASH_FUNC_MD5:
        PHP_MD5Final(digest, &md5_context);
        break;
    case PS_HASH_FUNC_SHA1:
        PHP_SHA1Final(digest, &sha1_context);
        break;
    }

    if (PS(hash_bits_per_character) < 4 || PS(hash_bits_per_character) > 6) {
        PS(hash_bits_per_character) = 4;
        php_error_docref(NULL TSRMLS_CC, E_WARNING, "The ini setting hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for now");
    }

    j = (int) (bin_to_readable(digest, digest_len, buf, PS(hash_bits_per_character)) - buf);

    if (newlen)
        *newlen = j;

    return buf;
}
Edited by A-Lex (17.08.06 13:23)
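Added example, not part of any post in this thread and not PHP's own code: the string that md5(uniqid(rand(1000000,9999999), true)) hashes, split into its fields, next to an id read from the operating system CSPRNG. The names dissect_uniqid and new_session_id are hypothetical, and the field layout (prefix, 8 hex digits of seconds, 5 hex digits of microseconds, LCG decimal) is an assumption about the uniqid() of the PHP version you run.

```php
<?php
// Added example; function names are hypothetical, sample values are
// generated at run time.

/**
 * Split the string that uniqid($prefix, true) returns into its parts.
 * Assumed layout: prefix, 8 hex digits of Unix seconds, 5 hex digits of
 * microseconds, then the combined-LCG value printed as a decimal.
 */
function dissect_uniqid(string $raw, int $prefixLen): array
{
    $body = substr($raw, $prefixLen);
    return [
        'prefix'  => substr($raw, 0, $prefixLen),
        'seconds' => hexdec(substr($body, 0, 8)),
        'usec'    => hexdec(substr($body, 8, 5)),
        'lcg'     => substr($body, 13),
    ];
}

/** 128 bits read from the operating system CSPRNG (PHP 7+), hex-encoded. */
function new_session_id(): string
{
    return bin2hex(random_bytes(16));
}

// Hash input in the form used in post #2: 7-digit rand() prefix + uniqid().
$raw   = uniqid((string) rand(1000000, 9999999), true);
$parts = dissect_uniqid($raw, 7);

printf("hash input   : %s\n", $raw);
printf("clock fields : %s.%06d UTC (server time when the id was issued)\n",
    gmdate('Y-m-d H:i:s', $parts['seconds']), $parts['usec']);
printf("rand() prefix: %s\n", $parts['prefix']);
printf("LCG suffix   : %s\n", $parts['lcg']);

// md5() is deterministic: the same input always maps to the same id, so the
// id is only as unpredictable as the fields printed above.
printf("md5 id       : %s\n", md5($raw));

// Same length and alphabet (32 hex characters), no clock-derived fields.
printf("CSPRNG id    : %s\n", new_session_id());
```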

