I'm making a table in a MySQL database to save some session data, including session_id. What should be the length of the VARCHAR to store the session_id string?
Session identifiers should be at least 128 bits long to prevent brute-force session guessing attacks. The WebLogic deployment descriptor should specify a session identifier length of at least 128 bits. A shorter session identifier leaves the application open to brute-force session guessing attacks.
PHP - session_id() Function
Sessions or session handling is a way to make the data available across various pages of a web application. The session_id() function is used to set or retrieve a custom id to the current.
Before getting a session id you need to start a session and that is done by using: session_start() function. Now that you have started a session you can get a session id by using: session_id().
The session ID enables an ASP.NET application to associate a specific browser with related session data and information on the Web server. Session ID values are transmitted between the browser and the Web server in a cookie, or in the URL if cookieless sessions are specified.
Depends on session.hash_function and session.hash_bits_per_character.
Check out the session_id page for more info.
The higher you set session.hash_bits_per_character the shorter your session_id will become by using more bits per character. The possible values are 4, 5, or 6.
When using sha-1 for hashing (by setting ini_set('session.hash_function', 1)) the following session string lengths are produced by the three session.hash_bits_per_character settings:
4 - 40 character string
5 - 32 character string
6 - 27 character string
@sachleen's answer isn't full.
More detailed info about session id length is described here.
Summary:
128-bit digest (MD5)
4 bits/char: 32 char SID
5 bits/char: 26 char SID
6 bits/char: 22 char SID
160-bit digest (SHA-1)
4 bits/char: 40 char SID
5 bits/char: 32 char SID
6 bits/char: 27 char SID
And sample regex to check session id:
preg_match('/^[a-zA-Z0-9,-]{22,40}$/', $sessionId)
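The length table and the regex above can be derived from the two settings instead of hard-coded. The following is an added example, not code from either answer: the function and constant names are hypothetical, the sample IDs are constructed, and the pattern pins the exact length and per-setting alphabet and anchors with \A and \z so a trailing newline is rejected.

```php
<?php
// Added example: helper names are hypothetical, not part of PHP's session API.

// Characters PHP emits for each session.hash_bits_per_character value.
const SID_ALPHABETS = [
    4 => '0-9a-f',
    5 => '0-9a-v',
    6 => '0-9a-zA-Z,-',
];

// Characters needed to encode a digest of $digestBits at $bitsPerChar (rounded up).
function sid_length(int $digestBits, int $bitsPerChar): int
{
    if (!array_key_exists($bitsPerChar, SID_ALPHABETS)) {
        throw new InvalidArgumentException('bits per character must be 4, 5 or 6');
    }
    return intdiv($digestBits + $bitsPerChar - 1, $bitsPerChar);
}

// Exact-length, exact-alphabet pattern for one configuration.
function sid_pattern(int $digestBits, int $bitsPerChar): string
{
    $len = sid_length($digestBits, $bitsPerChar);
    return '/\A[' . SID_ALPHABETS[$bitsPerChar] . ']{' . $len . '}\z/';
}

// Validate an incoming ID before it is used as a lookup key in the session table.
function is_valid_sid(string $sid, int $digestBits, int $bitsPerChar): bool
{
    return preg_match(sid_pattern($digestBits, $bitsPerChar), $sid) === 1;
}

// Reproduce the summary table for MD5 (128 bits) and SHA-1 (160 bits).
foreach ([128 => 'MD5', 160 => 'SHA-1'] as $bits => $name) {
    foreach ([4, 5, 6] as $bpc) {
        printf("%-5s %d bits/char: %d char SID\n", $name, $bpc, sid_length($bits, $bpc));
    }
}

// Constructed sample IDs checked against the SHA-1, 4 bits/char configuration.
$samples = [
    'well-formed'      => str_repeat('a', 40),
    'trailing newline' => str_repeat('a', 40) . "\n",
    'outside alphabet' => str_repeat('g', 40),
    'too short'        => str_repeat('a', 32),
];
foreach ($samples as $label => $sid) {
    printf("%-17s %s\n", $label, is_valid_sid($sid, 160, 4) ? 'accepted' : 'rejected');
}
```

The longest value in the table is 40 characters, so a VARCHAR(40) column holds every configuration listed.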