session_id()?

dreams4000

Hi all,

I am using the session_id() function and have a session being generated for users loging in.. I am curious as to why a lot, but not all, of the users end up getting the same exact session id? Does it only have a small variance that it uses?

Kudose

NO ONE should have the same session_id

It is automatically created my PHP when you call session_start.

There may be small variances in session_id's at times, but if two people ever get the same one, then you have a problem.

dreams4000

Yeah, I can tell the problem part.. but why would it generate the same id for multiple folks? I have had about 50 people log in.. I would say 15 or so of them have had the same id and then their info is getting crossed.

I am simply taking

$session=session_id();

and storing it in a database for later use, but also is being used in a url for variables like userid while browsing around. I have had folks that will be browsing fine with their account, then it just turns into someone elses account.

Kudose

Try using sessions as opposed to transfering variable via the URL.

i.e.

$_SESSION['uid'] = session_id();

$session_user = $_SESSION['uid'];

dreams4000

that is what I meant by it is holding variables in the url.. it is /somepage.php?PHPSESSID=4c9176b3d621f4dfcf6d43a6624435ef

and in that sessid is things like userid, last login etc..

laserlight

This has something to do with your session.use_trans_sid value.

Read the PHP Manual on sessions