Reputation: 1106
I read that a session ID is created using an algorithm that leaves a tiny probability of getting two equal IDs. But what happens if I get two equal ones? I don't really know how sessions work, but I imagine that I would be able to access the data stored in the $_SESSION array of the person that has the same ID.
In this case, that wouldn't be a positive thing. Is it possible to have a really unique session ID?
Thanks!
Upvotes: 1
Views: 411
Reputation: 11832
It is not very likely or probable that you will generate two equal session IDs, though of course this will depend on the algorithm that was used to generate the IDs.
If you want to know how sessions are generated in, for example, PHP, take a look here: PHP session IDs -- how are they generated? As you can read, these sessions are not entirely random, and ingredients such as the user's IP address and time of issuance are used, limiting who can get the very unlikely equal session ID and when.
Furthermore, you can limit the effect of an equal session ID by limiting the session expiration time, allowed remote IP and domain for its usage.
Upvotes: 3
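The following is an added example, not code from either post and not PHP's own session handler: a language-neutral Python model of a server-side session table that estimates the collision chance with the birthday bound, refuses to issue an ID a live session already holds, and applies the expiry and remote-IP limits mentioned in the answer. The names `collision_probability` and `SessionStore`, the 128-bit ID size and the 30-minute lifetime are assumptions made for illustration.

```python
import math
import secrets
import time

def collision_probability(n_sessions: int, id_bits: int) -> float:
    """Birthday bound: chance that any two of n random id_bits-bit IDs are equal."""
    pairs = n_sessions * (n_sessions - 1) / 2
    return -math.expm1(-pairs / 2.0 ** id_bits)

class SessionStore:
    """In-memory model of a session table (hypothetical, for illustration only)."""

    def __init__(self, ttl_seconds=1800, id_source=lambda: secrets.token_hex(16)):
        self.ttl = ttl_seconds
        self.id_source = id_source   # default: 16 bytes (128 bits) from the OS CSPRNG
        self.sessions = {}           # sid -> {"ip", "expires", "data"}

    def create(self, client_ip, now=None):
        now = time.time() if now is None else now
        for _ in range(10):
            sid = self.id_source()
            live = self.sessions.get(sid)
            # A duplicate of a live ID is retried, so two users never share one entry.
            if live is None or live["expires"] <= now:
                self.sessions[sid] = {"ip": client_ip, "expires": now + self.ttl, "data": {}}
                return sid
        raise RuntimeError("ID source keeps repeating; it is not random")

    def load(self, sid, client_ip, now=None):
        now = time.time() if now is None else now
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        if entry["expires"] <= now:      # expired: drop it so the ID frees up
            del self.sessions[sid]
            return None
        if entry["ip"] != client_ip:     # presented from a different address
            return None
        return entry["data"]
```

With 128-bit random IDs, `collision_probability(10**9, 128)` is on the order of 1e-21, and the check in `create` turns even that residual case into a retry instead of shared session data.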