I'm making a table in a MySQL database to save some session data, including session_id. What should be the length of the VARCHAR to store the session_id string?
我正在MySQL数据库中创建一个表来保存一些会话数据,包括session_id。VARCHAR存储session_id字符串的长度应该是多少?
5 个解决方案
#1
31
Depends on session.hash_function and session.hash_bits_per_character.
取决于会话。hash_function session.hash_bits_per_character。
Check out the session_id page for more info.
查看session_id页面了解更多信息。
The higher you set session.hash_bits_per_character the shorter your session_id will become by using more bits per character. The possible values are 4, 5, or 6.
您设置的会话越高。hash_bits_per_character,您的session_id越短,每个字符使用的字节就越多。可能的值是4、5或6。
When using sha-1 for hashing (by setting ini_set('session.hash_function', 1) the following session string lengths are produced by the three session.hash_bits_per_character settings:
当使用sha-1进行散列时(通过设置ini_set(会话)。hash_function', 1)以下会话字符串长度由三个会话生成。hash_bits_per_character设置:
4 - 40 character string
4 - 40字符串
5 - 32 character string
5 - 32字串
6 - 27 character string
6 - 27字符串
#2
27
@sachleen answer isn't full.
More detailed info about session id length is described here.
@sachleen回答不完整。更多关于会话id长度的详细信息将在这里描述。
Summary:
简介:
128-bit digest (MD5)
4 bits/char: 32 char SID
5 bits/char: 26 char SID
6 bits/char: 22 char SID
160-bit digest (SHA-1)
4 bits/char: 40 char SID
5 bits/char: 32 char SID
6 bits/char: 27 char SID
And sample regex to check session id:
和检查会话id的示例regex:
preg_match('/^[a-zA-Z0-9,-]{22,40}$/', $sessionId)
#3
4
It depends on these configuration settings: session.hash_function and session.hash_bits_per_character
它取决于这些配置设置:会话。hash_function和session.hash_bits_per_character
Shorter session ID lengths have the higher chance of collision, but this also depends a lot on the ID generation algorithm. Given the default settings, the length of the session ID should be appropriate for most applications. For higher-security implementations, you may consider looking into how PHP generates its session IDs and check whether it's cryptographically secure. If it isn't, then you should roll your own algorithm with a cryptographically secure source of randomness.
较短的会话ID长度有更高的碰撞几率,但这也很大程度上取决于ID生成算法。给定默认设置,会话ID的长度应该适合于大多数应用程序。对于更高安全性的实现,您可以考虑研究PHP如何生成它的会话id,并检查它是否具有加密安全性。如果不是,那么您应该使用密码安全的随机性源来运行自己的算法。
#4
0
I don't know where my application will be used for then I set it up as: VARCHAR(127) and hope it will be great for unKnown MySQL users.
我不知道我的应用程序将在哪里使用,然后我将它设置为:VARCHAR(127),并希望它对未知的MySQL用户非常有用。
#5
0
By the regular php installation length is always 26 (exmp: psprdaccghmmre1oo2eg0tnpe6)
通常php的安装长度总是26 (exmp: psprdaccghmre1oo2eg0pe6)
#1
31
Depends on session.hash_function and session.hash_bits_per_character.
取决于会话。hash_function session.hash_bits_per_character。
Check out the session_id page for more info.
查看session_id页面了解更多信息。
The higher you set session.hash_bits_per_character the shorter your session_id will become by using more bits per character. The possible values are 4, 5, or 6.
您设置的会话越高。hash_bits_per_character,您的session_id越短,每个字符使用的字节就越多。可能的值是4、5或6。
When using sha-1 for hashing (by setting ini_set('session.hash_function', 1) the following session string lengths are produced by the three session.hash_bits_per_character settings:
当使用sha-1进行散列时(通过设置ini_set(会话)。hash_function', 1)以下会话字符串长度由三个会话生成。hash_bits_per_character设置:
4 - 40 character string
4 - 40字符串
5 - 32 character string
5 - 32字串
6 - 27 character string
6 - 27字符串
#2
27
@sachleen answer isn't full.
More detailed info about session id length is described here.
@sachleen回答不完整。更多关于会话id长度的详细信息将在这里描述。
Summary:
简介:
128-bit digest (MD5)
4 bits/char: 32 char SID
5 bits/char: 26 char SID
6 bits/char: 22 char SID
160-bit digest (SHA-1)
4 bits/char: 40 char SID
5 bits/char: 32 char SID
6 bits/char: 27 char SID
And sample regex to check session id:
和检查会话id的示例regex:
preg_match('/^[a-zA-Z0-9,-]{22,40}$/', $sessionId)
#3
4
It depends on these configuration settings: session.hash_function and session.hash_bits_per_character
它取决于这些配置设置:会话。hash_function和session.hash_bits_per_character
Shorter session ID lengths have the higher chance of collision, but this also depends a lot on the ID generation algorithm. Given the default settings, the length of the session ID should be appropriate for most applications. For higher-security implementations, you may consider looking into how PHP generates its session IDs and check whether it's cryptographically secure. If it isn't, then you should roll your own algorithm with a cryptographically secure source of randomness.
较短的会话ID长度有更高的碰撞几率,但这也很大程度上取决于ID生成算法。给定默认设置,会话ID的长度应该适合于大多数应用程序。对于更高安全性的实现,您可以考虑研究PHP如何生成它的会话id,并检查它是否具有加密安全性。如果不是,那么您应该使用密码安全的随机性源来运行自己的算法。
#4
0
I don't know where my application will be used for then I set it up as: VARCHAR(127) and hope it will be great for unKnown MySQL users.
我不知道我的应用程序将在哪里使用,然后我将它设置为:VARCHAR(127),并希望它对未知的MySQL用户非常有用。
#5
0
By the regular php installation length is always 26 (exmp: psprdaccghmmre1oo2eg0tnpe6)
通常php的安装长度总是26 (exmp: psprdaccghmre1oo2eg0pe6)