Re: Random, Unique, but Simple session ID

The unique_id() function I use (pieced together from the Camel, Randal's suggestions, and elsewhere) is:

sub unique_id() {
    # Use Apache's mod_unique_id if available
    return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID};

    require MD5;

    # ** Note ** This is intended to be unique, not unguessable.
    my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
    $id =~ tr|+/=|-_.|;     # make non-word characters URL friendly
    return $id;
}
[download]

By using hexhash instead of base 64 you're also more likely to come up with ID that are safe to use (read, "no funny characters that might do something bad")

Comment on Re: Random, Unique, but Simple session ID Download Code

Replies are listed 'Best First'.
Re: Re: Random, Unique, but Simple session ID by merlyn (Sage) on Apr 14, 2001 at 04:32 UTC
`# Note This is intended to be unique, not unguessable. my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); $id =~ tr\|+/=\|-_.\|; # make non-word characters URL friendly` [download] Uh, that tr never fires there. hexhash always generates hex chars. Perhaps you're confusing this with the base64 versions that I was trying to steer the other petitioner around. -- Randal L. Schwartz, Perl hacker	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: Random, Unique, but Simple session ID
by merlyn (Sage) on Apr 14, 2001 at 04:32 UTC

   # ** Note ** This is intended to be unique, not unguessable. 
    my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); 
    $id =~ tr|+/=|-_.|;     # make non-word characters URL friendly
[download]

-- Randal L. Schwartz, Perl hacker

[reply]
[d/l]