<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Create new session id</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.session-commit.html">session_commit</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.session-decode.html">session_decode</a></div>
<div class="up"><a href="ref.session.html">Session Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.session-create-id" class="refentry">
<div class="refnamediv">
<h1 class="refname">session_create_id</h1>
<p class="verinfo">(PHP 7 >= 7.1.0)</p><p class="refpurpose"><span class="refname">session_create_id</span> — <span class="dc-title">Create new session id</span></p>
</div>
<div class="refsect1 description" id="refsect1-function.session-create-id-description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type">string</span> <span class="methodname"><strong>session_create_id</strong></span>
([ <span class="methodparam"><span class="type">string</span> <code class="parameter">$prefix</code></span>
] )</div>
<p class="para rdfs-comment">
<span class="function"><strong>session_create_id()</strong></span> is used to create new
session id for the current session. It returns collision free
session id.
</p>
<p class="para">
If session is not active, collision check is omitted.
</p>
<p class="para">
Session ID is created according to php.ini settings.
</p>
<p class="para">
It is important to use the same user ID of your web server for GC
task script. Otherwise, you may have permission problems especially
with files save handler.
</p>
</div>
<div class="refsect1 parameters" id="refsect1-function.session-create-id-parameters">
<h3 class="title">Parameters</h3>
<p class="para">
<dl>
<dt>
<code class="parameter">prefix</code></dt>
<dd>
<p class="para">
If <code class="parameter">prefix</code> is specified, new session id
is prefixed by <code class="parameter">prefix</code>. Not all
characters are allowed within the session id. Characters in
the range <em>a-z A-Z 0-9 , (comma) and -
(minus)</em> are allowed.
</p>
</dd>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.session-create-id-returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
<span class="function"><strong>session_create_id()</strong></span> returns new collision free
session id for the current session. If it is used without active
session, it omits collision check.
</p>
</div>
<div class="refsect1 examples" id="refsect1-function.session-create-id-examples">
<h3 class="title">Examples</h3>
<p class="para">
<div class="example" id="example-5958">
<p><strong>Example #1 <span class="function"><strong>session_create_id()</strong></span> example with <span class="function"><a href="function.session-regenerate-id.html" class="function">session_regenerate_id()</a></span></strong></p>
<div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB"><?php<br /></span><span style="color: #FF8000">// My session start function support timestamp management<br /></span><span style="color: #007700">function </span><span style="color: #0000BB">my_session_start</span><span style="color: #007700">() {<br /> </span><span style="color: #0000BB">session_start</span><span style="color: #007700">();<br /> </span><span style="color: #FF8000">// Do not allow to use too old session ID<br /> </span><span style="color: #007700">if (!empty(</span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'deleted_time'</span><span style="color: #007700">]) && </span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'deleted_time'</span><span style="color: #007700">] < </span><span style="color: #0000BB">time</span><span style="color: #007700">() - </span><span style="color: #0000BB">180</span><span style="color: #007700">) {<br /> </span><span style="color: #0000BB">session_destroy</span><span style="color: #007700">();<br /> </span><span style="color: #0000BB">session_start</span><span style="color: #007700">();<br /> }<br />}<br /><br /></span><span style="color: #FF8000">// My session regenerate id function<br /></span><span style="color: #007700">function </span><span style="color: #0000BB">my_session_regenerate_id</span><span style="color: #007700">() {<br /> </span><span style="color: #FF8000">// Call session_create_id() while session is active to <br /> // make sure collision free.<br /> </span><span style="color: #007700">if (</span><span style="color: #0000BB">session_status</span><span style="color: #007700">() != </span><span style="color: #0000BB">PHP_SESSION_ACTIVE</span><span style="color: #007700">) {<br /> </span><span style="color: #0000BB">session_start</span><span style="color: #007700">();<br /> }<br /> </span><span style="color: #FF8000">// WARNING: Never use confidential strings for prefix!<br /> </span><span style="color: #0000BB">$newid </span><span style="color: #007700">= </span><span style="color: #0000BB">session_create_id</span><span style="color: #007700">(</span><span style="color: #DD0000">'myprefix-'</span><span style="color: #007700">);<br /> </span><span style="color: #FF8000">// Set deleted timestamp. Session data must not be deleted immediately for reasons.<br /> </span><span style="color: #0000BB">$_SESSION</span><span style="color: #007700">[</span><span style="color: #DD0000">'deleted_time'</span><span style="color: #007700">] = </span><span style="color: #0000BB">time</span><span style="color: #007700">();<br /> </span><span style="color: #FF8000">// Finish session<br /> </span><span style="color: #0000BB">session_commit</span><span style="color: #007700">();<br /> </span><span style="color: #FF8000">// Make sure to accept user defined session ID<br /> // NOTE: You must enable use_strict_mode for normal operations.<br /> </span><span style="color: #0000BB">ini_set</span><span style="color: #007700">(</span><span style="color: #DD0000">'session.use_strict_mode'</span><span style="color: #007700">, </span><span style="color: #0000BB">0</span><span style="color: #007700">);<br /> </span><span style="color: #FF8000">// Set new custome session ID<br /> </span><span style="color: #0000BB">session_id</span><span style="color: #007700">(</span><span style="color: #0000BB">$newid</span><span style="color: #007700">);<br /> </span><span style="color: #FF8000">// Start with custome session ID<br /> </span><span style="color: #0000BB">session_start</span><span style="color: #007700">();<br />}<br /><br /></span><span style="color: #FF8000">// Make sure use_strict_mode is enabled.<br />// use_strict_mode is mandatory for security reasons.<br /></span><span style="color: #0000BB">ini_set</span><span style="color: #007700">(</span><span style="color: #DD0000">'session.use_strict_mode'</span><span style="color: #007700">, </span><span style="color: #0000BB">1</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">my_session_start</span><span style="color: #007700">();<br /><br /></span><span style="color: #FF8000">// Session ID must be regenerated when<br />// - User logged in<br />// - User logged out<br />// - Certain period has passed<br /></span><span style="color: #0000BB">my_session_regenerate_id</span><span style="color: #007700">();<br /><br /></span><span style="color: #FF8000">// Write useful codes<br /></span><span style="color: #0000BB">?></span>
</span>
</code></div>
</div>
</div>
</p>
</div>
<div class="refsect1 seealso" id="refsect1-function.session-create-id-seealso">
<h3 class="title">See Also</h3>
<p class="para">
<ul class="simplelist">
<li class="member"><span class="function"><a href="function.session-regenerate-id.html" class="function" rel="rdfs-seeAlso">session_regenerate_id()</a> - Update the current session id with a newly generated one</span></li>
<li class="member"><span class="function"><a href="function.session-start.html" class="function" rel="rdfs-seeAlso">session_start()</a> - Start new or resume existing session</span></li>
<li class="member"><a href="session.configuration.html#ini.session.use-strict-mode" class="link">session.use_strict_mode</a></li>
<li class="member"><span class="methodname"><a href="sessionhandler.create-sid.html" class="methodname" rel="rdfs-seeAlso">SessionHandler::create_sid()</a> - Return a new session ID</span></li>
</ul>
</p>
</div>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.session-commit.html">session_commit</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.session-decode.html">session_decode</a></div>
<div class="up"><a href="ref.session.html">Session Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
