Menu
I'm trying to create a custom session ID generator. From what I've read across the sites you can do this by manually editing PHP's settings files, however, it will not be available until I switch from my shared servers to a fully customisable one.
What i'm trying to ask is whether it's possible to specify how session IDs are generated by inputting a PHP code to a page? My intention is to use the same mechanics as the default ID generator, but use sha512 and a few custom goodies such as salt.
904
Starting a PHP Session To begin a new session, simply call the PHP session_start() function. It will create a new session and generate a unique session ID for the user.
The session ID is generated using the Random Number Generator (RNG) cryptographic provider. The service provider returns a sequence of 15 randomly generated numbers (15 bytes x 8 bit = 120 bits). The array of random numbers is then mapped to valid URL characters and returned as a string.
It's not a firm uniqueness condition especially from a security perspective.
session_regenerate_id() will replace the current session id with a new one, and keep the current session information. When session. use_trans_sid is enabled, output must be started after session_regenerate_id() call. Otherwise, old session ID is used.
If you pass a string to the session_id() function before calling session_start(), you can set the session ID yourself. For example:
function generate_id() {
...
return $your_id;
}
session_id(generate_id());
session_start();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
