We are running an application with a lot of visitors on an Apache 2.5 with php5.6.
After considering our sessionids as unique for the longest time we discovered, that after about 12 months duplicates of sessionids are generated, which mess up our saved records in the database, which is connected to the sessionid as identifier.
Is there a possibility to make the sessionid "more" unique to reduce the possibility of duplicates?
Looks like I created a duplicate with How unique is the php session id
So increasing the entropy length should help.
My system has as current configuration
session.entropy_length = 32;
session.entropy_file = /dev/urandom;
the other solution suggests 512 instead of 32.
However the main key to avoid duplicates (or make them less probable) is to increase the length of the session string. I guess we will add 4 characters more, that should help with our problem.