* Thus wrote Michael Gale: > Hello, > > I have a question about the uniqid function ... on a loaded system ... > lets say 60 people connected with each person making 2-3 web request per > second. > > Each request running the following php command: > > "$token_name=md5(uniqid(rand(), true));" > > What would the odds be of the $token_name being repeated ? Is this > something I would have to worry about ?.
The odds are very low. uniqid() by itself is based of of time to the microsecond. The lcg paremater randomized a psudo number to avoid collisions at the same microsecond. And the rand(), depending on you're system, defaults to seeding itself with including the PID. So the seed to rand() should, in theory, be different for each differnt request. The md5() is rather pointless in the uniqness of the token, it will basically prevent intruders from predicting a token. Nonetheless, it's probably still desired in your token generation. Curt -- First, let me assure you that this is not one of those shady pyramid schemes you've been hearing about. No, sir. Our model is the trapezoid! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
