author | Jeremy Kemper <jeremy@bitsweat.net> | 2007-10-18 18:25:31 +0000 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2007-10-18 18:25:31 +0000 |
commit | a9f790a748596c0ad6e61cc31b0058590f2383d2 (patch) | |
tree | 7c29a2abf5081639a673f21f0119c5d10d6cd41b /actionpack/lib | |
parent | b98dcdec070c41e49b38766d83cc8c2b6f71516b (diff) | |
Use SecureRandom to generate unique ids, if available.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7966 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_controller/cgi_ext/session.rb | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/actionpack/lib/action_controller/cgi_ext/session.rb b/actionpack/lib/action_controller/cgi_ext/session.rb
index 0213ce91bd..a01f17f9ce 100644
--- a/actionpack/lib/action_controller/cgi_ext/session.rb
+++ b/actionpack/lib/action_controller/cgi_ext/session.rb
@@ -6,18 +6,28 @@ class CGI #:nodoc:
 # * Expose the CGI instance to session stores.
 # * Don't require 'digest/md5' whenever a new session id is generated.
 class Session #:nodoc:
- # Generate an MD5 hash including the time, a random number, the process id,
- # and a constant string. This is used to generate session ids but may be
- # reused elsewhere.
- def self.generate_unique_id(constant = 'foobar')
- md5 = Digest::MD5.new
- now = Time.now
- md5 << now.to_s
- md5 << String(now.usec)
- md5 << String(rand(0))
- md5 << String($$)
- md5 << constant
- md5.hexdigest
+ begin
+ require 'securerandom'
+
+ # Generate a 32-character unique id using SecureRandom.
+ # This is used to generate session ids but may be reused elsewhere.
+ def self.generate_unique_id(constant = nil)
+ SecureRandom.hex(16)
+ end
+ rescue LoadError
+ # Generate an 32-character unique id based on a hash of the current time,
+ # a random number, the process id, and a constant string. This is used
+ # to generate session ids but may be reused elsewhere.
+ def self.generate_unique_id(constant = 'foobar')
+ md5 = Digest::MD5.new
+ now = Time.now
+ md5 << now.to_s
+ md5 << String(now.usec)
+ md5 << String(rand(0))
+ md5 << String($$)
+ md5 << constant
+ md5.hexdigest
+ end
 end
 
 # Make the CGI instance available to session stores. |
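Review bot: The `rescue LoadError` branch still builds session ids from `Time.now`, `rand(0)` and `$$` hashed with MD5, so on an interpreter without `securerandom` the ids stay guessable and nothing tells the operator that the weak path is in use. I would label that branch in its comment, e.g. `# Fallback only: not cryptographically strong; inputs are time, pid and a non-secure PRNG.`, and emit a one-time `warn` when the `require` fails. The `constant` argument is silently ignored in the SecureRandom branch, which its comment should state, since a caller may assume it still salts the id. `class Session` continues past the end of the hunk, so whether `digest/md5` is loaded for the fallback cannot be confirmed from here.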