0

I am using a temporary web host and for whatever reason they don't seem to support session_create_id(). It says:

Fatal error: Uncaught Error: Call to undefined function session_create_id() in -snip-/welcome/index.php:97 Stack trace: #0 {main} thrown in -snip-/welcome/index.php on line 97

Is there a way to generate a secure session without this function?

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
XantiuM
  • 132
  • 1
  • 16
  • 3
    The reason your host doesn't support it is that it's running PHP < 7.1. – deceze Mar 02 '18 at 14:12
  • 3
    What exactly do you need this function for, PHP's session functionality has been working well for over a decade without this function. – deceze Mar 02 '18 at 14:13
  • It reports 7.0.19. I thought the feature was introduced in 7.0 hence my confusion – XantiuM Mar 02 '18 at 14:14
  • 2
    Nope. [The manual](http://php.net/session_create_id) clearly says `>= 7.1.0`. – deceze Mar 02 '18 at 14:14
  • 1
    @deceze I feel that there should be a community wiki post for this, since a Google/Stack search did not reveal any posts for that error. This should probably be a new canonical Q&A, IMHO and with no rep to gain from it. – Funk Forty Niner Mar 02 '18 at 14:26
  • @FunkFortyNiner: Might add here https://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php?rq=1 – AbraCadaver Mar 02 '18 at 14:29
  • @AbraCadaver well, if you feel that it should, go for it :-) Unless deceze thinks otherwise. – Funk Forty Niner Mar 02 '18 at 14:31
  • 1
    @FunkFortyNiner: Actually, those are generic Call to undefined function XXX, so maybe not. – AbraCadaver Mar 02 '18 at 14:31
  • @AbraCadaver Then I guess someone should either come up with an alternate solution, or that the answer to this would simply be to upgrade to 7.1, as a community wiki. Tough call though. – Funk Forty Niner Mar 02 '18 at 14:34
  • It you have a database, use a sequence number (auto-increment in some databases) to ensure each created session has at least 1 part unique. Pad with random characters to the length you need. uniqid() could help, but it is not guaranteed to be unique at all times. Or generate a random string, check in the database if this id is already used (in your session table), if yes, generate a new one. – Nic3500 Mar 02 '18 at 14:40

0 Answers0