PHP 会话 ID 字符串的长度是多少?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12240922/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What is the length of a PHP session id string?
提问by Gustavo
I'm making a table in a MySQL database to save some session data, including session_id. What should be the length of the VARCHARto store the session_idstring?
我正在 MySQL 数据库中创建一个表来保存一些会话数据,包括session_id. VARCHAR存储session_id字符串的长度应该是多少?
采纳答案by sachleen
Depends on session.hash_functionand session.hash_bits_per_character.
取决于session.hash_function和session.hash_bits_per_character。
Check out the session_idpage for more info.
查看session_id页面了解更多信息。
The higher you set session.hash_bits_per_character the shorter your session_id will become by using more bits per character. The possible values are 4, 5, or 6.
When using sha-1 for hashing (by setting ini_set('session.hash_function', 1) the following session string lengths are produced by the three session.hash_bits_per_character settings:
4 - 40 character string
5 - 32 character string
6 - 27 character string
你设置的 session.hash_bits_per_character 越高,你的 session_id 就会越短,因为每个字符使用的位数越多。可能的值为 4、5 或 6。
当使用 sha-1 进行散列时(通过设置 ini_set('session.hash_function', 1) 以下会话字符串长度由三个 session.hash_bits_per_character 设置生成:
4 - 40 个字符串
5 - 32 个字符的字符串
6 - 27 个字符串
回答by Andron
@sachleen answer isn't full.
More detailed info about session id length is described here.
@sachleen 答案不完整。此处
描述了有关会话 ID 长度的更多详细信息。
Summary:
概括:
128-bit digest (MD5)
4 bits/char: 32 char SID
5 bits/char: 26 char SID
6 bits/char: 22 char SID
160-bit digest (SHA-1)
4 bits/char: 40 char SID
5 bits/char: 32 char SID
6 bits/char: 27 char SID
And sample regex to check session id:
和示例正则表达式来检查会话 ID:
preg_match('/^[a-zA-Z0-9,-]{22,40}$/', $sessionId)
回答by John Woo
It depends on these configuration settings: session.hash_functionand session.hash_bits_per_character
这取决于这些配置设置: session.hash_function和session.hash_bits_per_character
Shorter session ID lengths have the higher chance of collision, but this also depends a lot on the ID generation algorithm. Given the default settings, the length of the session ID should be appropriate for most applications. For higher-security implementations, you may consider looking into how PHP generates its session IDs and check whether it's cryptographically secure. If it isn't, then you should roll your own algorithm with a cryptographically secure source of randomness.
较短的会话 ID 长度有更高的冲突机会,但这也很大程度上取决于 ID 生成算法。给定默认设置,会话 ID 的长度应该适合大多数应用程序。对于更高安全性的实现,您可以考虑研究 PHP 如何生成其会话 ID 并检查它是否加密安全。如果不是,那么您应该使用加密安全的随机源来推出自己的算法。
回答by Abbas Uddin
I don't know where my application will be used for then I set it up as: VARCHAR(127) and hope it will be great for unKnown MySQL users.
我不知道我的应用程序将用于何处,然后我将其设置为:VARCHAR(127) 并希望它对未知的 MySQL 用户有用。
回答by Gocha
By the regular php installation length is always 26 (exmp: psprdaccghmmre1oo2eg0tnpe6)
按照常规的 php 安装长度始终为 26(例如:psprdaccghmmre1oo2eg0tnpe6)
