How to generate a unique session ID in php

Question

On our websites we want to make it possible to share sessions accros multiple domains. All these websites are on the same server but some of them have a different IP address.

The possible solution I found was to set the session ID myself:

<?php
session_id($someUniqueHash);
?>

And this works, if I make the hash like md5('test'). On a other domain on te same server we have the session again.

The problem is generating the ID. I see some solutions on the internet with microtime etc, but when I use that approach I can't predict the session ID on the other domain / PHP page.

Does anyone have an idea? Or shouldn't we implement this? Are there other options to share session over multiple domains? (NOT subdomains!)

Answer 1

I've achieved this system by using an OAuth type flow but we replaced the Consumer with the User.

So each domain would have the authenticated Access_Token in its own session. You would then use that Access_Token to get information about user from an api.

I also solved the session problem using session_set_save_handler and storing sessions in a database table... This table would have the Access_Token also, making it really easy to find the session with a DB Query.

Hope this helps with ideas.