Re: Sessions with perl cgi

Alternatively, if it's under apache on *nix you could install mod_unique_id to generate a unique id for you. According to Module mod_unique_id manual:

Your website has one or more machines under your administrative control, together we'll call them a cluster of machines. Each machine can possibly run multiple instances of Apache. All of these collectively are considered "the universe", and with certain assumptions we'll show that in this universe we can generate unique identifiers for each request, without extensive communication between machines in the cluster.

and

The UNIQUE_ID environment variable is constructed by encoding the 112-bit (32-bit IP address, 32 bit pid, 32 bit time stamp, 16 bit counter) quadruple using the alphabet A-Za-z0-9@- in a manner similar to MIME base64 encoding, producing 19 characters.

hth,
Deliria

Comment on Re: Sessions with perl cgi

Replies are listed 'Best First'.
Re: Re: Sessions with perl cgi by jdtoronto (Prior) on Oct 16, 2003 at 14:32 UTC
However even the documentation for this module admits the reasonable possibility of producing a duplicate ID. I haven't studied the module, but an encoding scheme is by its very definition, decodable. Thus the ID produced by this system may well be susceptible to brute force attacks. I, for one, would be much happier to see a non decodable result, using say an MD5 hash. jdtoronto	[reply]