0

if I use session in a web app

can I be assured that every guest who visits the site has a unique session id?

and for example I use a rand() to generate and store a $_SESSION

can I be assured that every set of rand() is also unique?

say min is 123456789 and max is 1234567890

if not

how can I check each of sessions stored to see whether rand() has already generated same number?

is there such thing as looping through sessions?

thanks!

4
Contributors
5
Replies
6
Views
5 Years
Discussion Span
Last Post by vaultdweller123
0

can I be assured that every guest who visits the site has a unique session id?

No, though the likelihood of a collision is rather low.

and for example I use a rand() to generate and store a $_SESSION

can I be assured that every set of rand() is also unique?

Certainly not, and the likelihood of repeated random numbers is very good. If you want a unique customer id then I'd recommend looking into options other than just a pseudorandom number.

Is the customer id only used for that session, or are you storing it in a database for later retrieval?

0

Is the customer id only used for that session, or are you storing it in a database for later retrieval?

t wont be saved in the database, customer id genrated by rand will then be updated to real customer id once customer has logged in.

No, though the likelihood of a collision is rather low.

what do you suggest then? is there such thing as setting a certain session id?

thanks!

0

customer id genrated by rand will then be updated to real customer id once customer has logged in.

I'm not sure I understand the logic. You're generating a temporary id for some reason?

what do you suggest then? is there such thing as setting a certain session id?

I'd need a better idea of what you're trying to accomplish to make a suggestion.

0

Why don't you create a visitors table linked to session id. When the session is no longer valid it gets garbaged along with the visitor id. However, if a visitor performs an action that means that the data should be transferred to the main tables, you shouldn't have any collisions - you could set a cron job to do this or set up DB sessions. As mentioned rand() should never be used to get unique numbers. A db table set with an autoincrement field linked to the session *should* obviate collision. My 2p - correct me if I'm wrong.

Edited by diafol: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.