Code Room
Code review | Hard | cr-g551
Subject: Security, broken authentication | Level: Senior–Staff | ~20 min | Common in Security interviews | Industries: Software development

Question

Review this PHP session-token generator.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (PHP):

```php
<?php
function create_session($user_id) {
    // build a session token
    $token = md5($user_id . time());
    $expires = time() + 60 * 60 * 24 * 365; // 1 year
    $db->query("INSERT INTO sessions (token, user_id, expires) VALUES ('$token', $user_id, $expires)");
    setcookie('sid', $token, $expires);
    return $token;
}
```
Run or narrate your approach, then ask the coach.
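For comparison after you have done your own review, here is an added hardened version of the same function. It is example code written for this page, not the Code Room model answer and not code from any project; it assumes a PDO connection is passed in as `$db` and a hypothetical `sessions` table with columns `token_hash`, `user_id` and `expires`. Each change addresses something visible in the snippet above: the token is drawn from the CSPRNG instead of `md5($user_id . time())`, only a hash of it is stored so a database leak does not expose live sessions, the lifetime is hours rather than a year, the SQL uses a prepared statement instead of string interpolation, and the cookie carries `HttpOnly`, `Secure` and `SameSite`.

```php
<?php
// Added example: hardened counterpart of the reviewed snippet.
// Assumptions (hypothetical): $db is a PDO handle; the sessions table has
// columns token_hash, user_id, expires.

function create_session(PDO $db, int $user_id): string {
    // 256 bits from the CSPRNG; the raw token is what the client holds
    $token = bin2hex(random_bytes(32));

    // Persist only a digest of the token so a read of the table does not
    // yield usable session identifiers
    $token_hash = hash('sha256', $token);

    // Short absolute lifetime instead of one year
    $expires = time() + 60 * 60 * 2; // 2 hours

    // Prepared statement: user_id never touches the SQL text
    $stmt = $db->prepare(
        'INSERT INTO sessions (token_hash, user_id, expires) VALUES (:h, :u, :e)'
    );
    $stmt->execute([':h' => $token_hash, ':u' => $user_id, ':e' => $expires]);

    // Cookie flags: unreadable from script, HTTPS only, not sent cross-site
    setcookie('sid', $token, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);

    return $token;
}

function lookup_session(PDO $db, string $token): ?int {
    // Look up by digest and enforce expiry server-side, not via the cookie
    $stmt = $db->prepare(
        'SELECT user_id FROM sessions WHERE token_hash = :h AND expires > :now'
    );
    $stmt->execute([':h' => hash('sha256', $token), ':now' => time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['user_id'];
}

// Stand-alone demo against an in-memory SQLite database (constructed data)
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)');

    $token = create_session($db, 42);
    echo "token length: " . strlen($token) . "\n";            // 64 hex chars
    echo "lookup: " . var_export(lookup_session($db, $token), true) . "\n";   // 42
    echo "bogus:  " . var_export(lookup_session($db, 'not-a-token'), true) . "\n"; // NULL
}
```

When narrating, the ordering matters more than the list: the predictable token is the root cause that makes every other issue exploitable, the string-built SQL is a separate injection bug, and the missing cookie flags and one-year expiry widen the window once either is hit. Note also that the original references `$db` without declaring it, which in PHP is an undefined variable inside the function.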