uniqid() returns a prefixed unique identifier based on the current time in microseconds. prefix is optional but can be useful, for instance, if you generate identifiers simultaneously on several hosts that might happen to generate the identifier at the same microsecond. Up until PHP 4.3.1, prefix could only be a maximum of 114 characters long.
If the optional more_entropy parameter is
TRUE, uniqid() will add additional entropy (using
the combined linear congruential generator) at the end of the return
value, which should make the results more unique.
With an empty prefix, the returned string
will be 13 characters long. If more_entropy is
TRUE, it will be 23 characters.
The prefix parameter became optional in PHP 5.
If you need a unique identifier or token and you intend to give out that token to the user via the network (i.e. session cookies), it is recommended that you use something along these lines:
// no prefix
$token = md5(uniqid());
// better, difficult to guess
$better_token = md5(uniqid(rand(), true));
This will create a 32 character identifier (a 128 bit hex number) that is extremely difficult to predict.