PerlMonks
Re: unique cookie id?
by hardburn (Abbot) on Dec 23, 2003 at 16:32 UTC ( [id://316647]=note )
IIRC, the PID under mod_perl will be the PID of whatever Apache thread you're running under. So the $ToBase62->($$) part will often be the same.

This code makes me nervous, because it gives away the PID of the process. This is a small bit of information to give to an attacker, but I like to know that an attacker has as little information about my system as possible. Further, PIDs are not as random as they appear (unless you know your system does otherwise, such as OpenBSD or a patched version of Linux).

For generating session IDs, I usually use Data::UUID. It's not guaranteed to be truly random (though if you want that it shouldn't be too difficult to patch or subclass), but it is guaranteed unique for a reasonable amount of time.

----
: () { :|:& };:
Note: All code is untested, unless otherwise stated
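A sketch of the approach recommended in the post above, as an added example that is not hardburn's code: Data::UUID supplies uniqueness, and 16 bytes read from /dev/urandom supply the unpredictability the post says Data::UUID does not guarantee. The availability of /dev/urandom is an assumption about the host, and the helper names random_bytes, new_session_id and is_well_formed are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::UUID;

# One generator per process; under mod_perl, create it once per child.
my $ug = Data::UUID->new;

# Read $n bytes from the kernel random device. Assumes /dev/urandom exists
# (Linux/BSD). Dies on failure instead of falling back to rand() or $$.
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = read($fh, $buf, $n - length($buf), length($buf));
        die "read /dev/urandom: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close $fh;
    return $buf;
}

# Session ID = UUID (uniqueness) followed by 128 random bits.
# Treat the UUID half as guessable: only the random half is meant to
# resist prediction. This code adds no PID to the value.
sub new_session_id {
    my $uuid = lc $ug->create_hex;    # "0x" followed by 32 hex digits
    $uuid =~ s/^0x//;
    return $uuid . unpack('H*', random_bytes(16));
}

# Check the shape of a cookie value before using it as a lookup key.
sub is_well_formed {
    my ($id) = @_;
    return defined $id && $id =~ /\A[0-9a-f]{64}\z/;
}

# Self-check: every generated ID is well formed and none repeats.
my %seen;
for (1 .. 1000) {
    my $id = new_session_id();
    die "malformed id" unless is_well_formed($id);
    die "duplicate id" if $seen{$id}++;
}
print new_session_id(), "\n";
```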