Re: Re: Re: Re: Can I Create A Persistent Flock Under CGI.pm?

Looking at the previous discussions on this, I've seen the code below. I was wondering if you were in a mod_perl enviroment, couldn't the same process call the function to generate the session twice in a second? I know with the random component that it's unlikely to have a collision but to be safe I've been using Timer::HiRes, is this overkill?

# How I've seen it suggested
use MD5;

sub generate_id {
    return substr(MD5->hexhash(time(). {}. rand(). $$. 'blah'), 0, 16)
+;
}

# Is this better or overkill?
use Time::HiRes qw(gettimeofday usleep);
use Digest::MD5 qw(md5_hex);

sub generate_sessionID {


    my ($s, $usec) = gettimeofday;    # Get time of day in seconds and
+ useconds

    usleep(1);    # Sleep for one usec so a persistant process can't c
+all it twice in a usec (for mod_perl)

    # Sessionkey is MD5 hash of seconds_since_epoch+usecs+process_id+r
+andom
    return substr(md5_hex($s.$usec.$$.rand()), 0, 32);
    

}
[download]

-Lee

"To be civilized is to deny one's nature."

Comment on Re: Re: Re: Re: Can I Create A Persistent Flock Under CGI.pm? Download Code

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: Can I Create A Persistent Flock Under CGI.pm? by sierrathedog04 (Hermit) on May 30, 2001 at 02:11 UTC
My program is not in a mod_perl environment, so your solution might work for others but not for me. mod_perl seems to require that I recompile Apache and I am frightened of doing it. In addition, I think that mod_perl is a Fool-Killer and breaks scripts that are written by fools like me who do not always do things the CGI.pm way. Actually, it looks as though the semaphore solution offered by Japhy below will work and is within my capabilities to implement.	[reply]
Re: Re: Re: Re: Re: Re: Can I Create A Persistent Flock Under CGI.pm? by shotgunefx (Parson) on May 30, 2001 at 02:24 UTC
Actually it will work for regular CGI as well. The usecs won't hurt anything at all. I just decided to add it as an extra precaution because I do CGI and mod_perl. For what you are doing, I would 1. If the user doesn't have a sessionID cookie generate a sessionID for the user and set the cookie with the sessionID 2. Use this as the file name. (Make sure to use Taint and check the sessionID for naughty characters.) 3. Open the sessionID named file and read/store you data. 4. Write a script to clean up old files and throw it in cron. If you are really worried about filename collisions, write the files to a directory only used by this program. -Lee "To be civilized is to deny one's nature."	[reply]