# How I've seen it suggested
use MD5;

sub generate_id {
    return substr(MD5->hexhash(time(). {}. rand(). $$. 'blah'), 0, 16)
+;
}

# Is this better or overkill?
use Time::HiRes qw(gettimeofday usleep);
use Digest::MD5 qw(md5_hex);

sub generate_sessionID {


    my ($s, $usec) = gettimeofday;    # Get time of day in seconds and
+ useconds

    usleep(1);    # Sleep for one usec so a persistant process can't c
+all it twice in a usec (for mod_perl)

    # Sessionkey is MD5 hash of seconds_since_epoch+usecs+process_id+r
+andom
    return substr(md5_hex($s.$usec.$$.rand()), 0, 32);
    

}
[download]

My program is not in a mod_perl environment, so your solution might work for others but not for me.

mod_perl seems to require that I recompile Apache and I am frightened of doing it. In addition, I think that mod_perl is a Fool-Killer and breaks scripts that are written by fools like me who do not always do things the CGI.pm way.

Actually, it looks as though the semaphore solution offered by Japhy below will work and is within my capabilities to implement.

Actually it will work for regular CGI as well. The usecs won't hurt anything at all. I just decided to add it as an extra precaution because I do CGI and mod_perl.

For what you are doing, I would
1. If the user doesn't have a sessionID cookie generate a sessionID for the user and set the cookie with the sessionID
2. Use this as the file name. (Make sure to use Taint and check the sessionID for naughty characters.)
3. Open the sessionID named file and read/store you data.
4. Write a script to clean up old files and throw it in cron.

If you are really worried about filename collisions, write the files to a directory only used by this program.

-Lee

"To be civilized is to deny one's nature."