On Tue, 2009-02-10 at 13:09 +1100, Chris wrote: > sean greenslade wrote: > > I have a login system that I am coding. I need it to generate a unique token > > on login to be stored in the browser's cookie. I currently use a script that > > generates a MD5 hash of the current unix timestamp, then checks the mysql > > database to see if the token already exists. It loops this generate/check > > until it gets a unique token. Is there a better way to do this? I want a > > token that cannot be easiy predicted (i.e. not an auto-increment value). > > I'd probably use sha1 instead and include: > - timestamp > - ip > - userid (if you have one at this stage) > -rand(0,100) (just to make sure :P) > > There is no 'guid' or 'uuid' function in php, you'd have to do a db call > as someone else suggested. > > -- > Postgresql & php tutorials > http://www.designmagick.com/ > > What would be wrong with using the session and getting the session id? That should be unique for each visitor, for as long as they are logged in. Probably wouldn't be useful for repeated visits, but I'm assuming that on next login they would be issued another token anyway? Ash www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
