On Wed, Sep 11, 2002 at 07:28:48PM +0000, Mariusz K wrote: > $digest = md5($data); > > Can I use md5 without submitting $data?
No. An MD5 digest is for determining a fingerprint for a given set of data, it's not for generating unique IDs. Please review perldoc Digest::MD5. > I want to simply track my user by creating a random ID, and then sent him > a cookie with that ID and have the coresponding (same ID) in his record in > my MySQL DB. What's the best way to do that? It depends on what you mean by "best". One way of doing it is collecting a bunch of information that, collectively, is unique to that user, then passing that back and forth with them. Unfortunately, putting this information together can be difficult. The user's IP address is useful, but not necessarily unique. The current time is nearly unique, unless two people request a session ID at the same time. The web server process ID may be unique, depending on your web server. You could combine all of this information and have a pretty much unique value; it's possible someone else can come along at the same exact time, from the same IP address, requesting data from the same web server process (though this is very unlikely with Apache), and thereby get the same ID, but it's highly unlikely. Once you have all of this data, you can run it through the MD5 digest algorithm to get a nice chunk of data that you can use as their session ID. A much easier way to do it, if you're using Apache, is to simply use the mod_unique_id module; it gives you an environmental variable that is unique for each request. Another method is to have some external agent hand you a unique ID, perhaps a sequential number. Mysql can do this with an auto_increment field. > Also, will "$digest = md5($data) produce a different $digest each time the > script is executed? In that case I could just say md5(whatever) and get a > different sessionID for each user. md5($data) will return the same value for the same $data. It should return a different value for different $data (it is possible, though highly unlikely, to get the same MD5 digest for two different values of $data). To reiterate, the MD5 algorithm is not for generating session IDs, it's for giving you a fingerprint of the data you feed it. This fingerprint will always be the same for the same data. This can be useful in a session ID context because you can shorten all of your session information down to a shorter string, but it's not for actually generating the ID. Michael -- Administrator www.shoebox.net Programmer, System Administrator www.gallanttech.com -- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
