> On Mon, 18 Feb 2002 [EMAIL PROTECTED] wrote: > >> In my module, msession, I have routines that guarentee that a session >> id is unique within a cluster of web servers. >> >> The problem I have is that session creates and sets the session cookie >> without some mechanism to allow me to replace the session id string, >> prior to the session code setting the cookie. >> >> In some test code I have, I set the PHPSESSID cookie with my value, >> and replace the internal value used, but oddly enough both values >> exist in the browser, and depending on any set of random events, it is >> not predictable which PHPSESSID value gets used. >> >> Any hints? Tips? > > We have the same problem with SRM, Sterling tried to fix it, but didn't > succeed in this yet. Sascha also added that it doesn't really matter > who creates the id, because MD5 is random enough anyways.
MD5 is not random. The session code relies on the random number generator in the single machine. All random number generators have a period of randomness. Given any sufficiently used system, there is a likelyhood of a collision. Given [n] machines sharing sessions, this probability increases. The only "correct" way to accomplish uniqueness is to check for existence. -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
