Re: Random, Unique, but Simple session ID
by Dominus (Parson) on Apr 13, 2001 at 21:31 UTC
|
Combine the time of day, the process ID number, and the
IP address of the host.
If you really need the IDs to be random, then generate
a random number, and the three items
above, and use them as input to the MD5 checksum algorithm.
| [reply] |
|
Technically, that could work. As long as you're not going
to have 32K sessions per second, that seems fairly unique.
Problem is, I believe the poster wanted random. There's many ways
you could run into race conditions in this case. I say it
depends on the application as to the source of randomness
and uniqueness. For example, if using a database that
supports sequences, you could MD5-encrypt a sequence
number with a random password, and that'd be both unique
and random, as well as fairly simple. Without more
information, it's difficult, though.
Update: Double posted; this should be under this node instead.
Update2: Second post had MD5 note added whereas first didn't.
| [reply] |
(dkubb) Re: (2) Random, Unique, but Simple session ID
by dkubb (Deacon) on Apr 13, 2001 at 21:50 UTC
|
You should look at Apache::Session. You can
use it's internal session generation system, without
using the entire module:
use Apache::Session::Generate::MD5;
#...
my $session_id = Apache::Session::Generate::MD5::generate();
You may want to explore this module more. I think it will
not only allow you to easily create pseudo-random session id's,
but also provide a simple interface to store and retrieve
session information. I've used Apache::Session many
times and I highly recommend it. | [reply] [d/l] |
Re: Random, Unique, but Simple session ID
by mothra (Hermit) on Apr 13, 2001 at 22:31 UTC
|
The unique_id() function I use (pieced together from the Camel, Randal's suggestions, and elsewhere) is:
sub unique_id() {
# Use Apache's mod_unique_id if available
return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID};
require MD5;
# ** Note ** This is intended to be unique, not unguessable.
my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
$id =~ tr|+/=|-_.|; # make non-word characters URL friendly
return $id;
}
By using hexhash instead of base 64 you're also more likely to come up with ID that are safe to use (read, "no funny characters that might do something bad") | [reply] [d/l] |
|
| [reply] [d/l] |
Re: Random, Unique, but Simple session ID
by Masem (Monsignor) on Apr 13, 2001 at 21:33 UTC
|
Use some combination of the current date/time, a random number, and possibly a checksum to improve validity. Eg:
my $uniqueId = time()*10000 + int rand (10000);
$uniqueId = $uniqueId*100 + (
( ( $uniqueId div 10000000) % 10 ) *
( ( $uniqueId div 100 ) % 10 ) );
The latter uses the 8th and 3rd digit from the right as checksums in this case.
Dr. Michael K. Neylon - mneylon-pm@masemware.com
||
"You've left the lens cap of your mind on again, Pinky" - The Brain
| [reply] [d/l] |
|
Not to nit-pick, but a 'random number' is not guaranteed to be different the next time it's requested. There is a possibility two people will hit it within a second of each other (thus getting the same time) and get the same random number, thus giving them the same unique ID. Granted, the probability is low, but if you get a lot of ID requests, this will be a very real concern. I usually combine the process ID of the process making the request in with that, since it's highly unlikely you will iterate through the system's available process pool within 1 second of time, and combined with a random number like you're doing, makes it for all practical purposes completely unique.
| [reply] |
Re: Random, Unique, but Simple session ID
by Russ (Deacon) on Apr 13, 2001 at 23:02 UTC
|
| [reply] |
Re: Random, Unique, but Simple session ID
by THRAK (Monk) on Apr 13, 2001 at 21:49 UTC
|
| [reply] |
Re: Random, Unique, but Simple session ID
by Madams (Pilgrim) on Apr 14, 2001 at 08:20 UTC
|
How about this --many M$ programs make use of GUIDs (globally unique identifiers) they show up looking like this:{00000535-0000-0010-8000-00AA006D2EA4}. Visual studio and borland builder/delphi contain a program that produces them for the programmer...does any one know the algo that is used...the program is (per M$) guaranteed to produce *unique* values.
Perhaps this sort of item is what akm2s looking for?
_________________
madams@scc.net
(__)
(\/)
/-------\/
/ | 666 ||
* ||----||
| [reply] [d/l] |