[eluser]slowgary[/eluser]
Collisions are one concern. I haven't dug through an extensive amount of native CI code, but I always just assume it to be of the highest quality. That being said, I'm a little surprised at the code I see in the session class.
First:
Code:
while (strlen($new_sessid) < 32)
{
    $new_sessid .= mt_rand(0, mt_getrandmax());
}
Maybe I'm being picky here, but why calculate a string's length 32 times? Since it's a fixed length, it would definitely be faster using a for() loop:
Code:
for($i = 0; $i < 32; $i++)
{
    $new_sessid .= mt_rand(0, mt_getrandmax());
}
Also:
Code:
'session_id' => md5(uniqid($sessid, TRUE))
By hashing a uniqid(), isn't it actually INCREASING the likelihood of a collision?
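
An added example (not part of the original post, and not CodeIgniter's own code) that runs the two loops and the hashing step quoted above, printing iteration counts and ID lengths beside a 128-bit ID drawn from PHP's CSPRNG for comparison. The function names are hypothetical and it assumes PHP 7.1 or later.

```php
<?php
// Added example; function names are hypothetical, not CodeIgniter's.

// The while loop quoted in the post: append mt_rand() output until >= 32 chars.
function sessid_while(): array
{
    $id = '';
    $iterations = 0;
    while (strlen($id) < 32) {
        $id .= mt_rand(0, mt_getrandmax());   // appends a multi-digit decimal number
        $iterations++;
    }
    return [$id, $iterations];
}

// The for loop proposed in the post: always 32 appends.
function sessid_for(): string
{
    $id = '';
    for ($i = 0; $i < 32; $i++) {
        $id .= mt_rand(0, mt_getrandmax());
    }
    return $id;
}

// The hashing step quoted in the post: the result is always 32 hex characters
// (128 bits), whatever the length of the prefix passed to uniqid().
function sessid_hashed(string $prefix): string
{
    return md5(uniqid($prefix, true));
}

// Comparison: 128 bits from the OS CSPRNG, hex-encoded (mt_rand() is not a CSPRNG).
function sessid_csprng(): string
{
    return bin2hex(random_bytes(16));
}

[$w, $n] = sessid_while();
$f = sessid_for();
printf("while: %d iterations, %d chars\n", $n, strlen($w));
printf("for:   32 iterations, %d chars\n", strlen($f));
printf("md5(uniqid(while)): %s\n", sessid_hashed($w));
printf("md5(uniqid(for)):   %s\n", sessid_hashed($f));
printf("random_bytes(16):   %s\n", sessid_csprng());
```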