if I use session in a web app

can I be assured that every guest who visits the site has a unique session id?

and for example I use a rand() to generate and store a $_SESSION

can I be assured that every set of rand() is also unique?

say min is 123456789 and max is 1234567890

if not

how can I check each of the sessions stored to see whether rand() has already generated the same number?

is there such a thing as looping through sessions?

thanks!

can I be assured that every guest who visits the site has a unique session id?

No, though the likelihood of a collision is rather low.

and for example I use a rand() to generate and store a $_SESSION

can I be assured that every set of rand() is also unique?

Certainly not, and the likelihood of repeated random numbers is very good. If you want a unique customer id then I'd recommend looking into options other than just a pseudorandom number.

Is the customer id only used for that session, or are you storing it in a database for later retrieval?

Is the customer id only used for that session, or are you storing it in a database for later retrieval?

It won't be saved in the database. The customer id generated by rand will then be updated to the real customer id once the customer has logged in.

No, though the likelihood of a collision is rather low.

what do you suggest then? is there such a thing as setting a certain session id?

thanks!

customer id generated by rand will then be updated to real customer id once customer has logged in.

I'm not sure I understand the logic. You're generating a temporary id for some reason?

what do you suggest then? is there such a thing as setting a certain session id?

I'd need a better idea of what you're trying to accomplish to make a suggestion.

diafol

Why don't you create a visitors table linked to session id. When the session is no longer valid it gets garbaged along with the visitor id. However, if a visitor performs an action that means that the data should be transferred to the main tables, you shouldn't have any collisions - you could set a cron job to do this or set up DB sessions. As mentioned rand() should never be used to get unique numbers. A db table set with an autoincrement field linked to the session *should* obviate collision. My 2p - correct me if I'm wrong.
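
An added example, not code posted by anyone in this thread: it estimates how likely rand() is to repeat within the range given in the question, then shows the visitors-table approach suggested above, where the database assigns the temporary id. It assumes PHP with the pdo_sqlite extension and an in-memory SQLite database; the table name, column names and function names are hypothetical, and random hex strings stand in for session_id() so the script runs from the command line.

```php
<?php
// Added example, not code from the thread; all names below are hypothetical.

// Birthday-bound estimate: chance that at least two of $n visitors receive
// the same value from rand($min, $max), assuming a uniform generator.
function collisionProbability(int $n, int $min, int $max): float
{
    $space = $max - $min + 1;
    return 1.0 - exp(-$n * ($n - 1) / (2.0 * $space));
}

// Returns the visitor id for a session, creating the row on first sight.
// The database hands out the id, so two sessions can never share one.
function visitorIdForSession(PDO $db, string $sessionId): int
{
    $db->prepare('INSERT OR IGNORE INTO visitors (session_id) VALUES (?)')
       ->execute([$sessionId]);
    $stmt = $db->prepare('SELECT id FROM visitors WHERE session_id = ?');
    $stmt->execute([$sessionId]);
    return (int) $stmt->fetchColumn();
}

// Deletes rows older than $maxLifetime seconds (for example from a cron job).
function purgeExpiredVisitors(PDO $db, int $maxLifetime): int
{
    $stmt = $db->prepare("DELETE FROM visitors WHERE created_at < datetime('now', ?)");
    $stmt->execute(["-{$maxLifetime} seconds"]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitors (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    session_id TEXT NOT NULL UNIQUE,
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
)');

// Range from the question: 123456789 .. 1234567890
foreach ([1000, 10000, 50000, 100000] as $n) {
    printf("%6d visitors: P(collision) ~ %.4f\n", $n, collisionProbability($n, 123456789, 1234567890));
}

// Constructed stand-ins for session_id() so the script runs without a web server.
$a = bin2hex(random_bytes(16));
$b = bin2hex(random_bytes(16));
printf("a=%d b=%d a again=%d\n", visitorIdForSession($db, $a),
    visitorIdForSession($db, $b), visitorIdForSession($db, $a));
printf("purged=%d\n", purgeExpiredVisitors($db, 1440));
```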