Re: Generating unique session ids

Tomasz Ostrowski wrote:
> On Wed, 26 Jul 2006, Tom Lane wrote:
>
>> "Antimon" <antimon@gmail.com> writes:
>>> As the id field is primary key, it should generate a unique violation
>>> if duplicate ids created, might be seen rarely but wanted to solve it
>>> anyway.
>> Why don't you just use a serial generator?
>
> If I may interrupt:
> Session id's for web cannot be predictable because this will create a
> security hole in application. md5(random()) is also a bad choise -
> very much predictable.
>
> Mr Antimon would definately better use another way of generating
> session ID's - for example PHP sessions and session_id(). He can also
> use system entropy source like /dev/urandom on POSIX systems.
>
> Regards
> Tometzky

Using a sequence does not mean it will be predictable.
In the past I have used something similar to this:

SELECT md5('secret_salt' || nextval('my_seq')::text)

Regards,
LL