Re: Generating unique session ids

On Wed, 26 Jul 2006, Tom Lane wrote:

> "Antimon" <antimon@gmail.com> writes:
> > As the id field is primary key, it should generate a unique violation
> > if duplicate ids created, might be seen rarely but wanted to solve it
> > anyway.
>
> Why don't you just use a serial generator?

If I may interrupt:
Session id's for web cannot be predictable because this will create a
security hole in application. md5(random()) is also a bad choise -
very much predictable.

Mr Antimon would definately better use another way of generating
session ID's - for example PHP sessions and session_id(). He can also
use system entropy source like /dev/urandom on POSIX systems.

Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
                                                      Winnie the Pooh