aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
diff options
context:
space:
mode:
authorJeremy Kemper <jeremy@bitsweat.net>2007-10-18 18:25:31 +0000
committerJeremy Kemper <jeremy@bitsweat.net>2007-10-18 18:25:31 +0000
commita9f790a748596c0ad6e61cc31b0058590f2383d2 (patch)
tree7c29a2abf5081639a673f21f0119c5d10d6cd41b /actionpack/lib
parentb98dcdec070c41e49b38766d83cc8c2b6f71516b (diff)
downloadrails-a9f790a748596c0ad6e61cc31b0058590f2383d2.tar.gz
rails-a9f790a748596c0ad6e61cc31b0058590f2383d2.tar.bz2
rails-a9f790a748596c0ad6e61cc31b0058590f2383d2.zip
Use SecureRandom to generate unique ids, if available.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7966 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib')
-rw-r--r--actionpack/lib/action_controller/cgi_ext/session.rb34
1 files changed, 22 insertions, 12 deletions
diff --git a/actionpack/lib/action_controller/cgi_ext/session.rb b/actionpack/lib/action_controller/cgi_ext/session.rb
index 0213ce91bd..a01f17f9ce 100644
--- a/actionpack/lib/action_controller/cgi_ext/session.rb
+++ b/actionpack/lib/action_controller/cgi_ext/session.rb
@@ -6,18 +6,28 @@ class CGI #:nodoc:
# * Expose the CGI instance to session stores.
# * Don't require 'digest/md5' whenever a new session id is generated.
class Session #:nodoc:
- # Generate an MD5 hash including the time, a random number, the process id,
- # and a constant string. This is used to generate session ids but may be
- # reused elsewhere.
- def self.generate_unique_id(constant = 'foobar')
- md5 = Digest::MD5.new
- now = Time.now
- md5 << now.to_s
- md5 << String(now.usec)
- md5 << String(rand(0))
- md5 << String($$)
- md5 << constant
- md5.hexdigest
+ begin
+ require 'securerandom'
+
+ # Generate a 32-character unique id using SecureRandom.
+ # This is used to generate session ids but may be reused elsewhere.
+ def self.generate_unique_id(constant = nil)
+ SecureRandom.hex(16)
+ end
+ rescue LoadError
+ # Generate an 32-character unique id based on a hash of the current time,
+ # a random number, the process id, and a constant string. This is used
+ # to generate session ids but may be reused elsewhere.
+ def self.generate_unique_id(constant = 'foobar')
+ md5 = Digest::MD5.new
+ now = Time.now
+ md5 << now.to_s
+ md5 << String(now.usec)
+ md5 << String(rand(0))
+ md5 << String($$)
+ md5 << constant
+ md5.hexdigest
+ end
end
# Make the CGI instance available to session stores.