Uniqid() returns a prefixed unique identifier based on the current time in microseconds. The prefix can be useful for instance if you generate identifiers simultaneously on several hosts that might happen to generate the identifier at the same microsecond. Prefix can be up to 114 characters long.
If the optional lcg parameter is true, uniqid() will add additional "combined LCG" entropy at the end of the return value, which should make the results more unique.
With an empty prefix, the returned string will be 13 characters long. If lcg is true, it will be 23 characters.
Note: The lcg parameter is only available in PHP 4 and PHP 3.0.13 and later.
If you need a unique identifier or token and you intend to give out that token to the user via the network (i.e. session cookies), it is recommended that you use something along the lines of
$token = md5 (uniqid ("")); // no random portion $better_token = md5 (uniqid (rand())); // better, difficult to guess
This will create a 32 character identifier (a 128 bit hex number) that is extremely difficult to predict.