session_create_id()

(PHP 7 >= 7.1.0)

创建新的会话ID

说明

session_create_id()返回当前会话的新的无冲突会话ID。如果在没有活动会话的情况下使用它，则将省略冲突检查。

范例

Example #1session_create_id()example withsession_regenerate_id()

参见

• session_regenerate_id()使用新生成的会话 ID 更新现有会话 ID
• session_start()启动新会话或者重用现有会话
• session.use_strict_mode
• SessionHandler::create_sid()Return a new session ID

I needed to use session_create_id for the $prefix.
I used the 'create_sid' handler in session_set_save_handler and it done all the magic for me.
I could continue to use session_regenerate_id();
  function sessionCreateHandler()
  {
    $prefix = 'bla';
    return session_create_id($prefix);
  }

This function is very hard to replicate precisely in userland code, because if a session is already started, it will attempt to detect collisions using the new "validate_sid" session handler callback, which did not exist in earlier PHP versions.
If the handler you are using implements the "create_sid" callback, collisions may be detected there. This is called when you use session_regenerate_id(), so you could use that to create a new session, note its ID, then switch back to the old session ID. If no session is started, or the current handler doesn't implement "create_sid" and "validate_sid", neither this function nor session_regenerate_id() will guarantee collision resistance anyway.
If you have a suitable definition of random_bytes (a library is available to provide this for versions right back to PHP 5.3), you can use the following to generate a session ID in the same format PHP 7.1 would use. $bits_per_character should be 4, 5, or 6, corresponding to the values of the session.hash_bits_per_character / session.sid_bits_per_character ini setting. You will then need to detect collisions manually, e.g. by opening the session and confirming that $_SESSION is empty.

鹏仔微信 15129739599 鹏仔QQ344225443 鹏仔前端 pjxi.com 共享博客 sharedbk.com