UUID v1 for Sessions, UUID v4 for Requests

Not all UUIDs are created equal. When you need to replicate how a browser or external system generates identifiers, the version matters.

UUID v1 vs v4

UUID v4 is random — great for request IDs where uniqueness is all you need:

use Ramsey\Uuid\Uuid;

// Each request gets a unique random ID
$requestId = Uuid::uuid4()->toString();
// e.g., "a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d"

UUID v1 is time-based — useful for session IDs where sortability and temporal ordering matter:

// Session ID that encodes when it was created
$sessionId = Uuid::uuid1()->toString();
// e.g., "6ba7b810-9dad-11d1-80b4-00c04fd430c8"

When to Use Which

• v4 (random): Request IDs, correlation IDs, idempotency keys — anything where uniqueness matters but order doesn’t
• v1 (time-based): Session IDs, event IDs, audit logs — anything where you want to sort by creation time or match sequential behavior

Takeaway

Match the UUID version to the lifecycle. Random for one-off requests, time-based for persistent sessions. It’s a small detail that makes debugging much easier when you’re tracing requests through logs.