How to generate unique IDs that only contains alphanumeric characters

[mds1256]

Hi

Looking to create an ID which only contains alpha-numeric (no special chars).

I looked to generate random bytes and then encode in base64 but base64 contains = + /.

The below seems to do it but not sure if bin2hex can return non alpha numeric?

bin2hex(openssl_random_pseudo_bytes(18));

 

Edited December 18, 2018 by mds1256

[gw1500se]

How about this:

 $characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
 $string = '';
 $max = strlen($characters) - 1;
 for ($i = 0; $i < $random_string_length; $i++) {
      $string .= $characters[mt_rand(0, $max)];
 }

$random_string_length is set to the length of the desired string. If you want both upper and lower case simply add uppercase characters to $characters.

Edited December 18, 2018 by gw1500se

[benanamen]

 What is the real problem that you're trying to solve with this?

[mds1256]

1 hour ago, benanamen said:

 What is the real problem that you're trying to solve with this?

I am trying to generate a unique ID that I can store in the database and use as a session ID.

I could URLEncode but I have never seen session IDs with %20 etc in the ID.

[gw1500se]

You need to elaborate more. Session IDs are usually generated automatically when you use PHP sessions and stored in cookies. There is generally no need to store them in a database unless you do not really mean session ID in the traditional sense.

Edited December 18, 2018 by gw1500se

[mds1256]

1 hour ago, gw1500se said:

You need to elaborate more. Session IDs are usually generated automatically when you use PHP sessions and stored in cookies. There is generally no need to store them in a database unless you do not really mean session ID in the traditional sense.

I don't mean in a traditional sense, they are more like a temporary identifier that I want to use instead of an auto increment INT in the database.

[benanamen]

It would be much more helpful to tell us exactly what you are doing and why you are trying to do it the way you are.

[mds1256]

2 minutes ago, benanamen said:

It would be much more helpful to tell us exactly what you are doing and why you are trying to do it the way you are.

In the mysql sessions table I will be storing session data for a limited timeframe, (login sessions), these last no more than 1 hour max.

There will be lots and lots of login sessions and I need to pass back a session ID to the client but not using an incremental number e.g. session id 1, session id 2, session id 3.

I want to pass back a totally random session id, it also allows me to not worry about ever running out of numbers from auto increment (although using an unsigned bigint will give me over 18 quadrillion possible session address row ids). I will have a process that clears out stale sessions every hour.

[benanamen]

What you describe is exactly what the built-in session functions do. Why is that not acceptable?

[mds1256]

3 minutes ago, benanamen said:

What you describe is exactly what the built-in session functions do. Why is that not acceptable?

It is for a REST api and they should be stateless in respect of not sending cookies etc and I believe using php sessions generates a session on the server and sends a cookie?

[gw1500se]

It sends nothing unless you extract the data from the cookie and sent it yourself. Cookies are stored on the client side.

[mds1256]

4 minutes ago, gw1500se said:

It sends nothing unless you extract the data from the cookie and sent it yourself. Cookies are stored on the client side.

But I don't want to have a cookie at all, sessions also create a session file on the server......

[gw1500se]

Back to benanamen's question. What is your reasoning for that? Just trying to help you with best practices.

Edited December 18, 2018 by gw1500se

[requinix]

You can use sessions without using cookies. It's uncommon but it's possible.

Disable session cookies. Set up a session on the first request, grabbing the ID and sending it to the client. On subsequent requests you take the ID they provide, session_id() it, and session_start() to load.

[mds1256]

25 minutes ago, requinix said:

You can use sessions without using cookies. It's uncommon but it's possible.

Disable session cookies. Set up a session on the first request, grabbing the ID and sending it to the client. On subsequent requests you take the ID they provide, session_id() it, and session_start() to load.

Thanks but I don’t want to use php sessions, I just need a random unique string to use as an id. I think we have gotten off topic slightly.

[requinix]

You need an identifier to be able to track the user making the requests, right? That's sessions. They aren't just for people regularly browsing a site.

[ginerjm]

May I ask why you don't want to use PHP sessions?

[mds1256]

14 minutes ago, ginerjm said:

May I ask why you don't want to use PHP sessions?

Hi

The front end is load balanced across servers so need to store session in db and not use php sessions

[requinix]

Sessions are a concept. Not an implementation. They don't have to use cookies. They don't have to use files.

The concept you need is a unique identifier for clients so you can track them. That is what sessions do.

[gizmola]

Rather than trying to invent your own solution to stateless REST API tokens, I would suggest you take a look at JSON Web Tokens (JWT).

Here are some resources to help you understand what they are:  https://jwt.io/

Integrating into PHP:  https://www.sitepoint.com/php-authorization-jwt-json-web-tokens/  (Don't get too caught up in the specific libraries he used.)

Another PHP Article by a PHP JWT Library author:  https://dev.to/robdwaller/how-to-create-a-json-web-token-using-php-3gml

 

 

[Karaethon]

On 12/18/2018 at 7:14 AM, gw1500se said:

How about this:

 $characters = 'abcdefghijklmnopqrstuvwxyz0123456789';
 $string = '';
 $max = strlen($characters) - 1;
 for ($i = 0; $i < $random_string_length; $i++) {
      $string .= $characters[mt_rand(0, $max)];
 }

$random_string_length is set to the length of the desired string. If you want both upper and lower case simply add uppercase characters to $characters.

Will this work for creating a random user ID that is used in the database as a guide for the user?

[Karaethon]

On 1/1/2019 at 10:34 AM, Karaethon said:

Will this work for creating a random user ID that is used in the database as a guide for the user?

DOH! as a GUID for the user. Stupid autocorrect.

[requinix]

17 minutes ago, Karaethon said:

DOH! as a GUID for the user. Stupid autocorrect.

gw1500se's code does not create GUIDs.

[Karaethon]

1 hour ago, requinix said:

gw1500se's code does not create GUIDs.

I see, but I could use it, or some modified version of it, to make unique primary keys for my users table couldn't I? Or is there a better way?

[requinix]

I've already told you what I think the better way is.