Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Random, Unique, but Simple session ID

by akm2 (Scribe)
on Apr 13, 2001 at 21:20 UTC ( #72402=perlquestion: print w/replies, xml ) Need Help??

akm2 has asked for the wisdom of the Perl Monks concerning the following question:

I've tried everything I can think of to generate a Random, Unique, but Simple session ID. I need an example of how to make A string that will never be duplicated but is easy to keep up with. Because I may want to pull the record of that session up for review.

Any help would be great.

Replies are listed 'Best First'.
Re: Random, Unique, but Simple session ID
by Dominus (Parson) on Apr 13, 2001 at 21:31 UTC
    Combine the time of day, the process ID number, and the IP address of the host.

    If you really need the IDs to be random, then generate a random number, and the three items above, and use them as input to the MD5 checksum algorithm.

      Technically, that could work. As long as you're not going to have 32K sessions per second, that seems fairly unique. Problem is, I believe the poster wanted random. There's many ways you could run into race conditions in this case. I say it depends on the application as to the source of randomness and uniqueness. For example, if using a database that supports sequences, you could MD5-encrypt a sequence number with a random password, and that'd be both unique and random, as well as fairly simple. Without more information, it's difficult, though.

      Update: Double posted; this should be under this node instead.
      Update2: Second post had MD5 note added whereas first didn't.
(dkubb) Re: (2) Random, Unique, but Simple session ID
by dkubb (Deacon) on Apr 13, 2001 at 21:50 UTC

    You should look at Apache::Session. You can use it's internal session generation system, without using the entire module:

    use Apache::Session::Generate::MD5; #... my $session_id = Apache::Session::Generate::MD5::generate();

    You may want to explore this module more. I think it will not only allow you to easily create pseudo-random session id's, but also provide a simple interface to store and retrieve session information. I've used Apache::Session many times and I highly recommend it.

Re: Random, Unique, but Simple session ID
by mothra (Hermit) on Apr 13, 2001 at 22:31 UTC
    The unique_id() function I use (pieced together from the Camel, Randal's suggestions, and elsewhere) is:
    sub unique_id() { # Use Apache's mod_unique_id if available return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID}; require MD5; # ** Note ** This is intended to be unique, not unguessable. my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); $id =~ tr|+/=|-_.|; # make non-word characters URL friendly return $id; }

    By using hexhash instead of base 64 you're also more likely to come up with ID that are safe to use (read, "no funny characters that might do something bad")

      # ** Note ** This is intended to be unique, not unguessable. my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); $id =~ tr|+/=|-_.|; # make non-word characters URL friendly
      Uh, that tr never fires there. hexhash always generates hex chars. Perhaps you're confusing this with the base64 versions that I was trying to steer the other petitioner around.

      -- Randal L. Schwartz, Perl hacker

Re: Random, Unique, but Simple session ID
by Masem (Monsignor) on Apr 13, 2001 at 21:33 UTC
    Use some combination of the current date/time, a random number, and possibly a checksum to improve validity. Eg:
    my $uniqueId = time()*10000 + int rand (10000); $uniqueId = $uniqueId*100 + ( ( ( $uniqueId div 10000000) % 10 ) * ( ( $uniqueId div 100 ) % 10 ) );
    The latter uses the 8th and 3rd digit from the right as checksums in this case.
    Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
      Not to nit-pick, but a 'random number' is not guaranteed to be different the next time it's requested. There is a possibility two people will hit it within a second of each other (thus getting the same time) and get the same random number, thus giving them the same unique ID. Granted, the probability is low, but if you get a lot of ID requests, this will be a very real concern. I usually combine the process ID of the process making the request in with that, since it's highly unlikely you will iterate through the system's available process pool within 1 second of time, and combined with a random number like you're doing, makes it for all practical purposes completely unique.
Re: Random, Unique, but Simple session ID
by Russ (Deacon) on Apr 13, 2001 at 23:02 UTC
Re: Random, Unique, but Simple session ID
by THRAK (Monk) on Apr 13, 2001 at 21:49 UTC
Re: Random, Unique, but Simple session ID
by Madams (Pilgrim) on Apr 14, 2001 at 08:20 UTC
    How about this --many M$ programs make use of GUIDs (globally unique identifiers) they show up looking like this:{00000535-0000-0010-8000-00AA006D2EA4}. Visual studio and borland builder/delphi contain a program that produces them for the programmer...does any one know the algo that is used...the program is (per M$) guaranteed to produce *unique* values.

    Perhaps this sort of item is what akm2s looking for?
    _________________
    madams@scc.net
    (__) (\/) /-------\/ / | 666 || * ||----||

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://72402]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (2)
As of 2022-07-04 05:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?