It is not uncommon for web developers to have to generate random ids or hashes. For instance, large-scale projects or frameworks may want to implement their own PHP session handlers, either completely abstracted in their API or by overloading PHP's internal API using session_set_save_handler(). If you do so, then unless you want to entrust PHP's core with the job, one thing you will have to take care of is generating unique session ids to send as a cookie to your users, allowing the session to persist. Other common use cases for such unique hashes are generating CSRF tokens to insert in forms or URLs and, finally, authentication tokens for email validation and the like.

Proceed to the article to learn more about it in a (hopefully) easy-to-grasp way. It wasn't written for security experts but rather for any PHP coder out there who is remotely interested in security, and you really should be.

Source: SELD