7

I can't find any mention of it in the documentation, but there seems to be an additional entry in the $_SERVER superglobal named UNIQUE_ID? What is this value used for?

It's fairly obvious that it's a unique ID, but of what? Of the current session, script, or server?

IQAndreas
  • 8,060
  • 8
  • 39
  • 74

3 Answers3

4

http://httpd.apache.org/docs/current/mod/mod_unique_id.html

Apache Module mod_unique_id

This module provides a magic token for each request which is guaranteed to be unique across "all" requests under very specific conditions. The unique identifier is even unique across multiple machines in a properly configured cluster of machines. The environment variable UNIQUE_ID is set to the identifier for each request. Unique identifiers are useful for various reasons which are beyond the scope of this document.

dave
  • 62,300
  • 5
  • 72
  • 93
  • 3
    But what is the purpose of the ID - can we use it for anything? – TheStoryCoder Jun 25 '15 at 07:49
  • 1
    Can we use this as CSRF prevention tokens? – Sibidharan Nov 14 '16 at 16:26
  • 1
    @Sibidharan - you would have to save the unique id server side when the form is loaded, and then send it on submit and check that it is the same as the one you saved. – dave Nov 14 '16 at 17:35
  • 1
    @Sibidharan that is entirely possible, and actually likely now that I think about it. If you are already doing it, the simplest fix would be to salt + encrypt it to create the csrf. Or most likely whatever language you are using has a good csrf library which is actually a much better idea – dave Nov 14 '16 at 17:47
2

It is the identifier for each request which is set in the UNIQUE_ID.

From an article on devshed.com:

The $_SERVER superglobal contains some elements that are available in the CGI environment. Depending on the platform/web server/PHP install (cgi vs. compiled in vs. DSO etc) there can be many different variables available. You probably have the apache module "MOD_UNIQUE_ID" loaded, and apache sets this value in the CGI environment.

Also read this documentation

dave
  • 62,300
  • 5
  • 72
  • 93
Rahul Tripathi
  • 168,305
  • 31
  • 280
  • 331
1

It is a result of the Apache module unique_id. Here is a link to the Apache doc...

http://www.itc.yorku.ca/manual/mod/mod_unique_id.html

Doug Wolfgram
  • 2,064
  • 4
  • 27
  • 42