Random Identifiers PHP

If you ever need to track users through a site, you will need to assign unique identifiers. In a database you can store all the information you know about the user and pass the identifier from page to page either through links or with cookies. You will have to generate these identifiers randomly, otherwise it is too easy for anyone to masquerade as a legitimate user. Fortunately, random identifiers are easy to generate. A pool of characters to use in the session identifier is defined. Characters are picked randomly from the list to build a session identifier of the specified length.

It's very important to have random numbers here. Suppose you simply used the seconds on the clock. For an entire second, every session identifier would be the same. And it's very likely many people will be accessing a Web site during a single second. I've used the time on the microsecond clock to seed the random generator, but even this allows the window of opportunity for getting a duplicate session identifier. One way to avoid this situation is to use a lockable resource that holds a seed—for example, a file. Once you lock the file, you can read the seed and write back a new one, at which point you are assured that two concurrent processes get the same seed.


All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

PHP Topics