# Codeigniter3 session问题

## 问题描述

if (isset($_COOKIE[$this->_config['cookie_name']])
&& (
! is_string($_COOKIE[$this->_config['cookie_name']])
OR ! preg_match('/^[0-9a-f]{40}$/',$_COOKIE[$this->_config['cookie_name']]) ) ) { unset($_COOKIE[\$this->_config['cookie_name']]);
}


## 解决方案

 ** session.sid_length **
session.sid_length allows you to specify the length of session ID string. Session ID length can be between 22 to 256. The default is 32. If you need compatibility you may specify 32, 40, etc.
Longer session ID is harder to guess. At least 32 chars is recommended.Compatibility Note: Use 32 for session.hash_func=0 (MD5) and session.hash_bits_per_character=4,session.hash_func=1 (SHA1) and session.hash_bits_per_character=6. Use 26 for session.hash_func=0 (MD5) and session.hash_bits_per_character=5. Use 22 for session.hash_func=0 (MD5) andsession.hash_bits_per_character=6. You must configure INI values to have at least 128 bits in session ID. Do not forget set appropriate value to session.sid_bits_per_character, otherwise you will have weaker session ID.

 session.sid_bits_per_character
session.sid_per_character allows you to specify the number of bits in encoded session ID character. The possible values are ‘4’ (0-9, a-f), ‘5’ (0-9, a-v), and ‘6’ (0-9, a-z, A-Z, “-“, “,”). The default is 4. The more bits results in stronger session ID. 5 is recommended value for most environments.