The unique_id() function I use (pieced together from the Camel, Randal's suggestions, and elsewhere) is:
sub unique_id() {
# Use Apache's mod_unique_id if available
return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID};
require MD5;
# ** Note ** This is intended to be unique, not unguessable.
my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
$id =~ tr|+/=|-_.|; # make non-word characters URL friendly
return $id;
}
By using hexhash instead of base 64 you're also more likely to come up with ID that are safe to use (read, "no funny characters that might do something bad")