<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xmlns="http://docbook.org/ns/docbook" xml:id="function.session-create-id">
<refnamediv>
<refname>session_create_id</refname>
<refpurpose>Create new session id</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>string</type><methodname>session_create_id</methodname>
<methodparam choice="opt"><type>string</type><parameter>prefix</parameter></methodparam>
</methodsynopsis>
<para>
<function>session_create_id</function> is used to create new
session id for the current session. It returns collision free
session id.
</para>
<para>
If session is not active, collision check is omitted.
</para>
<para>
Session ID is created according to php.ini settings.
</para>
<para>
It is important to use the same user ID of your web server for GC
task script. Otherwise, you may have permission problems especially
with files save handler.
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<para>
<variablelist>
<varlistentry>
<term><parameter>prefix</parameter></term>
<listitem>
<para>
If <parameter>prefix</parameter> is specified, new session id
is prefixed by <parameter>prefix</parameter>. Not all
characters are allowed within the session id. Characters in
the range <literal>a-z A-Z 0-9 , (comma) and -
(minus)</literal> are allowed.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
<function>session_create_id</function> returns new collision free
session id for the current session. If it is used without active
session, it omits collision check.
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title><function>session_create_id</function> example with <function>session_regenerate_id</function></title>
<programlisting role="php">
<![CDATA[
<?php
// My session start function support timestamp management
function my_session_start() {
session_start();
// Do not allow to use too old session ID
if (!empty($_SESSION['deleted_time']) && $_SESSION['deleted_time'] < time() - 180) {
session_destroy();
session_start();
}
}
// My session regenerate id function
function my_session_regenerate_id() {
// Call session_create_id() while session is active to
// make sure collision free.
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
}
// WARNING: Never use confidential strings for prefix!
$newid = session_create_id('myprefix-');
// Set deleted timestamp. Session data must not be deleted immediately for reasons.
$_SESSION['deleted_time'] = time();
// Finish session
session_commit();
// Make sure to accept user defined session ID
// NOTE: You must enable use_strict_mode for normal operations.
ini_set('session.use_strict_mode', 0);
// Set new custome session ID
session_id($newid);
// Start with custome session ID
session_start();
}
// Make sure use_strict_mode is enabled.
// use_strict_mode is mandatory for security reasons.
ini_set('session.use_strict_mode', 1);
my_session_start();
// Session ID must be regenerated when
// - User logged in
// - User logged out
// - Certain period has passed
my_session_regenerate_id();
// Write useful codes
?>
]]>
</programlisting>
</example>
</para>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>session_regenerate_id</function></member>
<member><function>session_start</function></member>
<member><link linkend="ini.session.use-strict-mode">session.use_strict_mode</link></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->