On Mon, 18 Feb 2002 [EMAIL PROTECTED] wrote:

> > We have the same problem with SRM, Sterling tried to fix it, but didn't
> > succeed in this yet. Sascha also added that it doesn't really matter
> > who creates the id, because MD5 is random enough anyways.
>
> MD5 is not random. The session code relies on the random number generator

I wrote 'random enough', that's something different than random.

> in the single machine. All random number generators have a period of
> randomness. Given any sufficiently used system, there is a likelihood of a
> collision. Given [n] machines sharing sessions, this probability increases.
>
> The only "correct" way to accomplish uniqueness is to check for existence.

I know that, and BTW, PHP is not using plain MD5, but the combination of a
random seed and MD5. Did you calculate the possibility it could collide?
It would be interesting to know...

Derick


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
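
An added worked example, not part of the original thread and not PHP's session code: the birthday-bound calculation the reply asks for, together with the existence check the quoted text calls for. The entropy figures (128 bits for a full MD5 digest, 32 bits for a weakly seeded generator) and all function names are assumptions chosen for illustration.

```python
import math
import secrets


def collision_probability(n_ids, entropy_bits):
    """Birthday bound: P(at least one duplicate among n_ids uniform IDs)."""
    space = 2.0 ** entropy_bits
    # 1 - exp(-n(n-1)/(2N)); expm1 keeps tiny probabilities from rounding to 0.
    return -math.expm1(-n_ids * (n_ids - 1) / (2.0 * space))


def ids_for_probability(p, entropy_bits):
    """Approximate number of IDs at which the collision probability reaches p."""
    space = 2.0 ** entropy_bits
    return math.sqrt(-2.0 * space * math.log1p(-p))


def new_unique_id(store, entropy_bits, max_tries=64):
    """Draw an ID, check the shared store for existence, retry on a hit.

    Returns (id, retries). 'store' stands in for the session backend that
    every machine sharing sessions would consult (hypothetical here).
    """
    for retries in range(max_tries):
        candidate = secrets.randbits(entropy_bits)
        if candidate not in store:
            store.add(candidate)
            return candidate, retries
    raise RuntimeError("ID space too crowded for the requested entropy")


if __name__ == "__main__":
    live_sessions = 10 ** 6  # constructed workload, not a measured figure
    # The digest width does not matter if the input has less entropy:
    # an MD5 of a 32-bit seed still has only 2**32 possible outputs.
    for label, bits in (("full 128-bit digest", 128), ("32-bit seed", 32)):
        p = collision_probability(live_sessions, bits)
        half = ids_for_probability(0.5, bits)
        print(f"{label}: P(collision)={p:.3e}, 50% point at {half:.3e} IDs")

    # Existence check in a deliberately tiny 8-bit space so retries occur.
    store, total_retries = set(), 0
    for _ in range(100):
        _, retries = new_unique_id(store, 8)
        total_retries += retries
    print(f"100 unique IDs issued, {total_retries} collisions caught by the check")
```
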
