I am creating a social media website which is expected to have huge traffic. The PHP version is 7.3, the session_set_save_handler is a MySQL database, and cookie_lifetime is set to one year.

I am concerned about the fact that PHP session_start() could generate a duplicate session_id (i.e. the same session_id for multiple users) on high-traffic sites, though the probability is very low. I have searched a lot but haven't come across a foolproof algorithm to avoid it. Can anybody here enlighten me about this?

  • 2
    I don't have an answer for you. Facebook probably do. But this video came right to my mind when I saw your question: https://youtu.be/fWk_rMQiDGc?t=386 – Valery Jan 13 '21 at 12:30
  • 2
    You can generate a custom session ID and save it in the database, then compare against it while generating another session ID; if you find a duplicate, generate another. However, the possibility of getting the same session ID is very low, because the session ID is generated based on client IP, current time, OS and others. So the chance of getting a duplicate session ID is too low to be worried about. – S M Jobayer Alam Jan 13 '21 at 12:34
  • 1
    Have you actually calculated the probability of that happening? Even with the [default settings](https://www.php.net/manual/en/session.configuration.php#ini.session.sid-length) you can get 16^32 possible values (340282366920938463463374607431768211456). – Álvaro González Jan 13 '21 at 18:36
  • @SMJobayerAlam, it seems I managed to crack an algorithm based on your clue: [link](http://www.outsource-online.net/blog/2021/05/05/php-session-handling-with-database-ensuring-unique-session-id-in-high-traffic-sites/). If you could share your thoughts on it, it would be much appreciated. – Blogspot OSOL May 05 '21 at 17:08

0 Answers
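
The regenerate-on-duplicate idea from the comments, written so that the uniqueness check and the insert are one atomic step enforced by the database. This is an added example, not code from the question or the linked blog post; the table layout, the function names and the in-memory SQLite database (a stand-in for the MySQL store, requires pdo_sqlite) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical table and helper names; SQLite in memory stands in for the MySQL store.
function createSessionTable(PDO $db): void
{
    $db->exec('CREATE TABLE sessions (
        id      CHAR(32) NOT NULL PRIMARY KEY,
        data    TEXT     NOT NULL,
        created INTEGER  NOT NULL
    )');
}

// Reserve an unused ID by inserting it. The PRIMARY KEY makes "check and claim"
// a single atomic step, so two concurrent requests cannot both obtain the same ID
// (a separate SELECT followed by an INSERT would leave that race open).
function allocateSessionId(PDO $db, ?callable $generate = null, int $maxTries = 5): string
{
    // Default generator: 16 bytes from the OS CSPRNG, hex-encoded (16^32 values).
    $generate = $generate ?? function (): string { return bin2hex(random_bytes(16)); };
    $insert = $db->prepare('INSERT INTO sessions (id, data, created) VALUES (?, ?, ?)');

    for ($try = 1; $try <= $maxTries; $try++) {
        $id = $generate();
        try {
            $insert->execute([$id, '', time()]);
            return $id;
        } catch (PDOException $e) {
            // SQLSTATE class 23 is an integrity constraint violation (duplicate key).
            if (substr((string) $e->getCode(), 0, 2) !== '23') {
                throw $e;   // any other database error is not a collision
            }
        }
    }
    throw new RuntimeException('No unique session ID after ' . $maxTries . ' attempts');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSessionTable($db);

// Constructed generator that repeats its first value, to exercise the retry path.
$canned = [str_repeat('a', 32), str_repeat('a', 32), str_repeat('b', 32)];
$fake = function () use (&$canned): string { return array_shift($canned); };

$first  = allocateSessionId($db, $fake);   // claims the all-"a" ID
$second = allocateSessionId($db, $fake);   // duplicate rejected, retries with the all-"b" ID
var_dump($first !== $second);
var_dump(strlen(allocateSessionId($db)));  // default CSPRNG generator
```

With MySQL the same function works unchanged over a PDO MySQL connection, since a duplicate primary key is also reported under SQLSTATE class 23.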