|
|
Posted by Sandman on 09/14/05 15:12
In article <79dd2$4327ba0b$d9091b38$9400@nf1.news-service.com>,
"Johannes A. Brunner" <johannesabrunner@t-link.de> wrote:
> Andy Hassall wrote:
>
> > The INSERT can't be doing that. The most common mistake in this sort of
> > thing
> > is setting up a race condition, so two requests both start a new session
> > and overlap saving to the database.
>
> But if I have a racecondition it would make no differenc using a variable or
> a fixed string.
> $result = mysql_query("INSERT INTO session SET
> ssid='$season',ip='$rip'",$connect);
> $result = mysql_query("INSERT INTO session SET
> ssid='season',ip='$rip'",$connect);
>
> But the second line works fine. Just one db-entrie per page hit.
>
> > How are you detecting there's no ssid?
>
> @$ssid = $_GET['ssid'];
> if (!isset($ssid)) { $ssid = ssid_generate();
> ssid_register($ssid,'false','unknown','false'); }
>
>
> > What are you doing with the ssid afterwards?
>
> A lot of stuf,
> Here is the way I create the ssid
>
> function ssid_generate() {
>
> $ssid = md5(time());
> return $ssid;
> }
Whoooo! You either have a VERY low volume site, or lots of surfers with the
same $ssid.
I suggest using microtime() and something more unique to the current page load.
--
Sandman[.net]
Navigation:
[Reply to this message]
|