How can I calculate length of PHP session id, based on php.ini values session.hash_function and session.hash_bits_per_character, and before starting the session.
I want to create and assign custom session id like session_id($customSessionId);, before starting session.
In my local machine value of session.hash_function is 0 (possible values are '0' for MD5 and '1' for SHA-1) and value of session.hash_bits_per_character is 5 (possible values are '4' [0-9, a-f], '5' [0-9, a-v], and '6' [0-9, a-z, A-Z, "-", ","]), and the resulting length of session id is 26.
What will be the length of session id when session.hash_function and session.hash_bits_per_character have another set of values, which can be calculated before starting session?
I want to calculate session ids with different length on different servers (local, staging or production), and by analyzing default session settings.
Starting the session and calculating session id is pretty much simpler. But i want to code the code something like:
// $length = {code to get length from hash_function and hash_bits_per_character}
// this is my custom function to generate new session id having length $length
$myCustomSessionId = generateCustomSessionId($length);
// assign my custom session id
session_id($myCustomSessionId);
//and finally start the session :)
session_start();
Here are all of the session hash algorithms for 5.3. Use my code at the bottom if you want to try it out on your own server
algo bits length
md2 4 32
md2 5 26
md2 6 22
md4 4 32
md4 5 26
md4 6 22
md5 4 32
md5 5 26
md5 6 22
sha1 4 40
sha1 5 32
sha1 6 27
sha224 4 56
sha224 5 45
sha224 6 38
sha256 4 64
sha256 5 52
sha256 6 43
sha384 4 96
sha384 5 77
sha384 6 64
sha512 4 128
sha512 5 103
sha512 6 86
ripemd128 4 32
ripemd128 5 26
ripemd128 6 22
ripemd160 4 40
ripemd160 5 32
ripemd160 6 27
ripemd256 4 64
ripemd256 5 52
ripemd256 6 43
ripemd320 4 80
ripemd320 5 64
ripemd320 6 54
whirlpool 4 128
whirlpool 5 103
whirlpool 6 86
tiger128,3 4 32
tiger128,3 5 26
tiger128,3 6 22
tiger160,3 4 40
tiger160,3 5 32
tiger160,3 6 27
tiger192,3 4 48
tiger192,3 5 39
tiger192,3 6 32
tiger128,4 4 32
tiger128,4 5 26
tiger128,4 6 22
tiger160,4 4 40
tiger160,4 5 32
tiger160,4 6 27
tiger192,4 4 48
tiger192,4 5 39
tiger192,4 6 32
snefru 4 64
snefru 5 52
snefru 6 43
snefru256 4 64
snefru256 5 52
snefru256 6 43
gost 4 64
gost 5 52
gost 6 43
adler32 4 8
adler32 5 7
adler32 6 6
crc32 4 8
crc32 5 7
crc32 6 6
crc32b 4 8
crc32b 5 7
crc32b 6 6
salsa10 4 128
salsa10 5 103
salsa10 6 86
salsa20 4 128
salsa20 5 103
salsa20 6 86
haval128,3 4 32
haval128,3 5 26
haval128,3 6 22
haval160,3 4 40
haval160,3 5 32
haval160,3 6 27
haval192,3 4 48
haval192,3 5 39
haval192,3 6 32
haval224,3 4 56
haval224,3 5 45
haval224,3 6 38
haval256,3 4 64
haval256,3 5 52
haval256,3 6 43
haval128,4 4 32
haval128,4 5 26
haval128,4 6 22
haval160,4 4 40
haval160,4 5 32
haval160,4 6 27
haval192,4 4 48
haval192,4 5 39
haval192,4 6 32
haval224,4 4 56
haval224,4 5 45
haval224,4 6 38
haval256,4 4 64
haval256,4 5 52
haval256,4 6 43
haval128,5 4 32
haval128,5 5 26
haval128,5 6 22
haval160,5 4 40
haval160,5 5 32
haval160,5 6 27
haval192,5 4 48
haval192,5 5 39
haval192,5 6 32
haval224,5 4 56
haval224,5 5 45
haval224,5 6 38
haval256,5 4 64
haval256,5 5 52
haval256,5 6 43
Here is the code I used to generate them:
session_start();
$algos = hash_algos();
foreach ($algos as $key => $algo) {
ini_set('session.hash_function', $algo);
for ($i = 4; $i <= 6; $i++) {
ini_set('session.hash_bits_per_character', $i);
session_regenerate_id();
echo $algo . ' - ' . $i . ' - ' . strlen(session_id()) . '<br>';
}
}
I know I'm a year and a half late. However, here is the answer.
Each of the hashing algorithm returns a fixed length string. It's easy to know that length just computing a hash:
$t = hash('md5', '', True);
print strlen($t)*8; // 8 Bits per char
The ini option session.hash_bits_per_character indicate how the hashed string (which is a binary string) should be transformed to make it printable and safe for storing. It indicates how many bits from the original hash will be converted to a single character on output. A value of 4 is used to get an hexadecimal output, as each hexadecimal digit represents 4 bits. A value of 6 is Base 64 encoding.
You can use the information on session.hash_functionand session.hash_bits_per_character to calculate the size of the resulting session id computing a hash and then calculate the final length it will have:
$hash_function = ini_get("session.hash_function");
// Special case: 0=md5 and 1=sha1, anything else should be the
// name of the hashing algorithm
if($hash_function==0) {
$hash_function="md5";
}
elseif($hash_function==1) {
$hash_function="sha1";
};
$hash_bits = ini_get("session.hash_bits_per_character");
$t = hash($hash_function, "", True);
print "Algorithm: $hash_function\n";
print "Hash Length (chars): " . strlen($t) . "\n";
print "Bits Per Char: $hash_bits\n";
print "Final Length (chars): " . ceil(strlen($t)*8/$hash_bits) . "\n";
Algorithm: md5 Hash Length (chars): 16 Bits Per Char: 5 Final Length (chars): 26
来源:https://stackoverflow.com/questions/17002329/php-how-can-i-calculate-length-of-session-id-before-starting-session