Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Posted March 28, 2015 6:10am by

PHP Session Management

I've looked into some methods to prevent Cross Site Request Forgery ( CSRF ), and there were two methods that was repeatedly shown under generating a session id. One is simply using session_id(); after session_start(), and the other is using md5(uniqid(mt_rand(), true));. Can someone explain me the difference between these two methods? Is one better than the other?

Posting to the forum is only allowed for members with active accounts.
Please sign in or sign up to post.

Welcome to the Treehouse Community

Looking to learn something new?

lihaoquan

lihaoquan

PHP Session Management