What is the length of a PHP session id string?

Question

I\'m making a table in a MySQL database to save some session data, including session_id. What should be the length of the VARCHAR to store the

Answer 1

It depends on these configuration settings: session.hash_function and session.hash_bits_per_character

Shorter session ID lengths have the higher chance of collision, but this also depends a lot on the ID generation algorithm. Given the default settings, the length of the session ID should be appropriate for most applications. For higher-security implementations, you may consider looking into how PHP generates its session IDs and check whether it's cryptographically secure. If it isn't, then you should roll your own algorithm with a cryptographically secure source of randomness.