Login/Register
What is the value in '$_SERVER['UNIQUE_ID'] used for?
Asked Answered
Solved phpsuperglobals
J

3

9

I can't find any mention of it in the documentation, but there seems to be an additional entry in the $_SERVER superglobal named UNIQUE_ID? What is this value used for?

It's fairly obvious that it's a unique ID, but of what? Of the current session, script, or server?

Janeljanela answered 8/8, 2014 at 5:0 Comment(0)
M
5

http://httpd.apache.org/docs/current/mod/mod_unique_id.html

Apache Module mod_unique_id

This module provides a magic token for each request which is guaranteed to be unique across "all" requests under very specific conditions. The unique identifier is even unique across multiple machines in a properly configured cluster of machines. The environment variable UNIQUE_ID is set to the identifier for each request. Unique identifiers are useful for various reasons which are beyond the scope of this document.

Magnien answered 8/8, 2014 at 5:3 Comment(4)
But what is the purpose of the ID - can we use it for anything?Fatherless
Can we use this as CSRF prevention tokens?Fernandefernandel
@Fernandefernandel - you would have to save the unique id server side when the form is loaded, and then send it on submit and check that it is the same as the one you saved.Magnien
@Fernandefernandel that is entirely possible, and actually likely now that I think about it. If you are already doing it, the simplest fix would be to salt + encrypt it to create the csrf. Or most likely whatever language you are using has a good csrf library which is actually a much better ideaMagnien
I
3

It is the identifier for each request which is set in the UNIQUE_ID.

From an article on devshed.com:

The $_SERVER superglobal contains some elements that are available in the CGI environment. Depending on the platform/web server/PHP install (cgi vs. compiled in vs. DSO etc) there can be many different variables available. You probably have the apache module "MOD_UNIQUE_ID" loaded, and apache sets this value in the CGI environment.

Also read this documentation

Ifill answered 8/8, 2014 at 5:2 Comment(0)
A
2

It is a result of the Apache module unique_id. Here is a link to the Apache doc...

http://www.itc.yorku.ca/manual/mod/mod_unique_id.html

Aubreir answered 8/8, 2014 at 5:3 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.