in reply to Re^6: Identifying clients
in thread Identifying clients

Consider this:
my $session1 = crypt rand, 'XX';
my $session2 = crypt rand, 'AA';
Are you always guaranteed to have different values for $session1 and $session2? No, there is an incalculable chance that they might be the same.

I would consider a function of some non-random values instead, something along the lines of this.
my $session = crypt time, "XX";
But two clients could still end up with the same session ID, so here's a way to try and guarantee that no two session IDs are ever the same, even in the oddest case where the same user has logged in at multiple instances.
# toNum() is not defined in this post
my $rawID = time . ( toNum( $userID ) % toNum( $password ) + toNum( $ENV{REMOTE_ADDR} ) % $ENV{REMOTE_PORT} );
my $sessionID = crypt $rawID, "PY";
It's still imperfect, but you can always amend it to your needs. Also, I'm not sure how seriously crypt() can be taken as a trustworthy hashing function.



perl -e '$,=$",$_=(split/\W/,$^X)[y[eval]]]+--$_],print+just,another,split,hack'er
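
Added example, not part of the original post: it tests the doubt about crypt() raised above by hashing two constructed raw IDs that differ only after their eighth character, then draws a session ID from the kernel CSPRNG instead. It assumes a platform whose crypt() accepts a two-character DES salt and that provides /dev/urandom; new_session_id is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Traditional DES crypt() reads only the first 8 bytes of its input, so raw
# IDs that share an 8-character prefix hash to the same value.
# Constructed sample inputs: 10-digit epoch values 99 seconds apart, each
# followed by a different per-client suffix.
my @raw    = ('1700000000' . '4242', '1700000099' . '9001');
my @hashed = map { crypt($_, 'PY') } @raw;

# A DES result starts with the salt; undef or a "*0" token means the
# platform refused the 2-character salt.
my $usable = grep { defined($_) && /^PY/ } @hashed;
if ($usable == 2) {
    printf "%-16s -> %s\n", $raw[$_], $hashed[$_] for 0 .. 1;
    print "same session ID: ", ($hashed[0] eq $hashed[1] ? "yes" : "no"), "\n";
} else {
    print "crypt() on this platform does not support 2-character DES salts\n";
}

# Session ID taken from the kernel CSPRNG: 16 bytes (128 bits), hex-encoded.
# (new_session_id is a hypothetical helper name, an assumption of this example.)
sub new_session_id {
    my ($bytes) = @_;
    $bytes //= 16;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $got = read $fh, my $buf, $bytes;
    close $fh;
    die "short read from /dev/urandom\n"
        unless defined $got && $got == $bytes;
    return unpack 'H*', $buf;
}

# Sanity check: 1000 freshly generated IDs contain no duplicate.
my %seen;
for (1 .. 1000) {
    my $id = new_session_id();
    die "duplicate session ID\n" if $seen{$id}++;
}
print "sample session ID: ", new_session_id(), "\n";
```

Where DES crypt() is available, both raw IDs produce the same hash, because everything after the eighth character, including the per-client suffix, never reaches the hash.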