Creating Session ID from MD5 Hash

Question

Currently I have this:

$time = time();
$hash = md5($key . $time);

but how do I create a $_SESSION[''] based on the the hash?

score 2 · Answer 1 · answered Jan 24 '15 at 14:38

2

Try it with:

 session_id($hash);
 session_start();

You can find the explanation in the manuals:

http://php.net/manual/en/function.session-id.php

answered Jan 24 '15 at 14:38

smiggle

1,259
6
16

1

You might consider using php's built-in session id generator; it's designed for security (difficulty to guess) by crypto folks. http://stackoverflow.com/questions/138670/how-unique-is-the-php-session-id – O. Jones Jan 24 '15 at 14:50

James R · Accepted Answer · 2015-01-24T14:39:26.397

1

I cant see why this wont work.

$time = time();
$hash = md5($key . $time);
$_SESSION['time'] = $hash;

Then try echo it to test:

echo $_SESSION['time'];

or store in your own var

$mysession = $_SESSION['time'];

edited Jan 24 '15 at 14:39

answered Jan 24 '15 at 14:33

James R

276
5
14

score 0 · Answer 3 · answered Jan 24 '15 at 15:03

If your goal is to make session more secure against session fixation attacks, you can use session_regenerate_id and re-create a new session_id after every x requests:

$_SESSION['last_time_generated']++;

if ($_SESSION['last_time_generated'] > 10) {
    $_SESSION['last_time_generated'] = 0;
    session_regenerate_id(true);
}

Creating Session ID from MD5 Hash

3 Answers3