Currently i have a custom session storage setup using session_set_save_handler and mysql. The question i have pertains to the probability of a session hash collision. The system currently stores the session hash in a mysql table that stores the session data, session hash and expiration time. But i am extending the time the session lasts to a week longer than its current time, this will obviously cause an increase in the amount of id’s stored, and thus an increase in the possibility of a hash collision.
I’ve read that php checks if a session id already exists before generating it… for its default session handler that is, but does it still check when using a custom handler? If not its a trivial matter to program in my own check, i’d just like to know before adding in more overhead.
p.s. If it matters i have the session garbage collector time set to an hour with a probability of 1 with a divisor of 1 so that it will always run every hour.