Are all sessions unique?

blahpro

Hi all,

I am currently building a shopping cart that runs off a MySQL database, with products "identified to their customer" with a session ID (obtained from session_id()).

I need to refer back to these session IDs later - so can I rest assured they are completely unique?

Thanks for any help you can give!

Regards,

Ben Hodgson

Weedpacket

If you'd searched the forums you'd have found that this question has been asked before.

But why not just use an ordinary serial ID field in the database table? Using the session ID won't offer anything more, and would be larger and slower to search.

MarkR

Why store the basket in the database at all, you could just put the whole thing inside the session, that way you don't need to write persistence code for it.

Mark

blahpro

That's what I have done but im scared of any chance of repeating sessions. To combat it, i've just coded this (i basically use my function wherever I would normally use session_start()):

// session_start2(): creates a unique session id
function session_start2() {
	global $session_id2;
	global $session_ts_start;
	session_start();
	if ($session_id2 == "") {
		$session_id2 =  (chr(rand(97,122)) . str_replace(" ","",(str_replace(".","",microtime()) . chr(rand(97,122)) . str_replace(".","", $_SERVER['REMOTE_ADDR']))) . chr(rand(63,90)));
	}
	if ($session_ts_start == "") {
		$session_ts_start = time();
	}
	$_SESSION["session_id2"] = $session_id2;
	$_SESSION["session_ts_start"] = $session_ts_start;
}
// End session_start2()

That seems to work - and it generated the ID from the current timestamp in microseconds, the IP and three random letters - so i think were done! 😃...

Thanks for your help, all!

Weedpacket

Originally posted by MarkR
Why store the basket in the database at all, you could just put the whole thing inside the session, that way you don't need to write persistence code for it.

Mark

I'm presuming blahpro wants the data to persist at least long enough for the order to be filled.

blahpro

Well, basically the shopping cart items remain in the table forever (unless they choose to remove items, or clear the cart). For each item, there is an entry containing the made up session ID, the item number, the quantity of the item, and a primary key.

The reason the id MUST have never been used before is that past orders are referred to by the session id of the user.

Anyway - i think i have it solved 🙂

blahpro

Meh, i got scared when someone said they got a few repeats once...

Weedpacket

Probably tried visiting several times in a single session - how did they know they had repeats? If it could be confirmed, it would make headline news in cryptography circles - first sighting of an MD5 hash collision.