in reply to Re^2: MD5-based Unique Session ID Generator
in thread MD5-based Unique Session ID Generator

To add "time" a second time does not make the string more unique than with just once "time".
It makes the theoretical entropy higher but that's not the target here as we are not defending hackers. We just want to avoid collisions. The uniqueness of the IDs must be achieved before feeding them through MD5.

pelagic

Re^4: MD5-based Unique Session ID Generator
by stvn (Monsignor) on Aug 19, 2004 at 15:15 UTC
    To add "time" a second time does not make the string more unique than with just once "time".

    I agree that adding time the second time really does not add a whole lot to the uniqueness of the string. But what does it hurt?

    The uniqueness of the IDs must be achieved before feeding them through MD5.

    Given that it is highly unlikely that two sessions will be created within the same Apache child process and less than a second away from one another, just doing $$ . time() would likely be sufficient. But then again, this is not my technique (see below for that).

    -stvn

      You have never seen an Apache process reply to more than one request in a second? With Apache status reporting time in the multi ms range, I would not make that assumption. I would at least put a counter in each child to make it unique.

      Or, in the case of Apache, use $ENV{'UNIQUE_ID'} (with the proper configuration, of course).

      --MidLifeXis
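
The collision question debated in this thread can be checked directly. The following is an added example, not code from any poster here: it generates many IDs inside one process with the PID-plus-time input and again with a per-process counter added, and counts repeats. The sub names, the ':' separator and the workload size are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration; not code from any poster in this thread.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Scheme A: PID and whole-second time only, as in "$$ . time()".
# Two calls in the same second from the same process hash the same string.
sub id_pid_time {
    return md5_hex($$ . time());
}

# Scheme B: same inputs plus a per-process counter (hypothetical name),
# so IDs made by one child within one second still differ. The ':'
# separator keeps field boundaries unambiguous (PID 12 + time 345 must
# not produce the same string as PID 123 + time 45).
{
    my $counter = 0;
    sub id_pid_time_counter {
        return md5_hex(join ':', $$, time(), ++$counter);
    }
}

# Count how many of $n generated IDs repeat an earlier one.
sub count_duplicates {
    my ($generator, $n) = @_;
    my %seen;
    my $dups = 0;
    for (1 .. $n) {
        $dups++ if $seen{ $generator->() }++;
    }
    return $dups;
}

# Constructed workload: 1000 sessions created by a single child.
# MD5 only reshapes the input; uniqueness has to exist before hashing.
# Both inputs are guessable, so this addresses collisions only, which
# is the goal stated in the thread.
my $n = 1000;
printf "pid+time:         %d duplicates out of %d\n",
    count_duplicates(\&id_pid_time, $n), $n;
printf "pid+time+counter: %d duplicates out of %d\n",
    count_duplicates(\&id_pid_time_counter, $n), $n;
```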