in reply to Random, Unique, but Simple session ID

The unique_id() function I use (pieced together from the Camel, Randal's suggestions, and elsewhere) is:
sub unique_id() { # Use Apache's mod_unique_id if available return $ENV{UNIQUE_ID} if exists $ENV{UNIQUE_ID}; require MD5; # ** Note ** This is intended to be unique, not unguessable. my $id = MD5->hexhash(MD5->hexhash(time.{}.rand().$$)); $id =~ tr|+/=|-_.|; # make non-word characters URL friendly return $id; }

By using hexhash instead of base 64 you're also more likely to come up with ID that are safe to use (read, "no funny characters that might do something bad")