
Session id collision with custom session storage

Currently I have a custom session storage setup using session_set_save_handler and MySQL. The question I have pertains to the probability of a session hash collision. The system currently stores the session hash in a MySQL table that stores the session data, session hash and expiration time. But I am extending the time the session lasts to a week longer than its current time; this will obviously cause an increase in the number of IDs stored, and thus an increase in the possibility of a hash collision.
I’ve read that PHP checks if a session ID already exists before generating it… for its default session handler that is, but does it still check when using a custom handler? If not, it's a trivial matter to program in my own check; I’d just like to know before adding in more overhead.

P.S. If it matters, I have the session garbage collector time set to an hour with a probability of 1 with a divisor of 1 so that it will always run every hour.

PHP

3 Comments(s)

@ilbonparaurti, May 18.2010 — If done correctly, there should be a VERY low probability of a collision - even for a site that receives thousands of hits a month.

[QUOTE]but does it still check when using a custom handler?[/QUOTE]

This also depends on the custom handler.
@NogDog, May 18.2010 — I don't think (but am not 100% sure) that there would be any difference in the session ID allocation regardless of whether you use the default session handler or your own. If using PHP 5, you could reduce any such (very small) likelihood via the [url=http://fr.php.net/manual/en/session.configuration.php#ini.session.hash-function]session.hash_function[/url] config item and setting it to "1" so that it uses sha-1 instead of md5.
@Jarrod1937 (author), May 18.2010 — Excellent, thanks for the replies. It looks like I probably won't need to worry about any collisions then. If they do become an issue it will be easy enough to program the handler to check, so no issue there.

Thanks for the help.
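
An added example, not code from this thread or from PHP itself: one way to write the "check in the handler" discussed above so that it is race-free, by letting a unique key on the stored session hash reject a duplicate and retrying with a fresh ID. The function name, table and column names are hypothetical, an in-memory SQLite database stands in for the MySQL table so the script runs offline, and `random_bytes` assumes PHP 7 or later.

```php
<?php
// Added example: collision-safe session ID allocation for a database-backed handler.
// Hypothetical names throughout; SQLite in memory stands in for the MySQL table.

function allocateSessionId(PDO $db, callable $generate, int $ttl, int $maxTries = 5): string
{
    // The PRIMARY KEY on session_id makes the INSERT itself the existence check,
    // so two concurrent requests cannot both claim the same ID
    // (a SELECT followed by an INSERT would leave a window between the two).
    $insert = $db->prepare(
        'INSERT INTO sessions (session_id, data, expires_at) VALUES (?, ?, ?)'
    );
    for ($try = 0; $try < $maxTries; $try++) {
        $id = $generate();
        try {
            $insert->execute([$id, '', time() + $ttl]);
            return $id;
        } catch (PDOException $e) {
            // SQLSTATE class 23 is an integrity constraint violation (duplicate key).
            // Anything else is a real database error and must not be swallowed.
            if (substr((string) $e->getCode(), 0, 2) !== '23') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('no unused session ID after ' . $maxTries . ' tries');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (
    session_id TEXT PRIMARY KEY,
    data       TEXT NOT NULL,
    expires_at INTEGER NOT NULL
)');

// Normal use: 128 bits from the CSPRNG, hex-encoded.
$random = function () { return bin2hex(random_bytes(16)); };
$week = 7 * 24 * 3600;
$first = allocateSessionId($db, $random, $week);

// Constructed collision: a generator that hands out the stored ID once more.
$queue = [$first, 'constructed-second-id'];
$colliding = function () use (&$queue) { return array_shift($queue); };
$second = allocateSessionId($db, $colliding, $week);

var_dump($first, $second); // the retry moved past the ID that was already stored
```

With PHP 5.5.1 or later a closure around this function can be passed as the `create_sid` callback of `session_set_save_handler`. Because the row already exists once the ID is allocated, the write callback then has to update that row rather than insert a new one.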