author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-06-08 05:39:13 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2007-06-08 05:39:13 +0000 |
commit | b1cd416c1a446f2e47e964ee6e9d77461a16427d (patch) | |
tree | 749c85a49be920b92e9a33e25088e7f6fe06e3c3 | |
parent | 94fdd87fddb977ba4a9075a05476bc6fc294b746 (diff) | |
download | ruby-b1cd416c1a446f2e47e964ee6e9d77461a16427d.tar.gz |
* lib/cgi/session.rb: use secrand for generating cookies.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12476 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | lib/cgi/session.rb | 24 |
2 files changed, 17 insertions, 9 deletions
@@ -2,6 +2,8 @@ Fri Jun 8 14:26:18 2007 Tanaka Akira <akr@fsij.org>
 * lib/secrand.rb: new file for secure random interface.
+ * lib/cgi/session.rb: use secrand for generating cookies.
+
 Fri Jun 8 12:44:37 2007 NAKAMURA Usaku <usa@ruby-lang.org>
 * {win32,wince}/Makefile.sub: add lex.c rule.
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index d2a1be4aab..7539be37c3 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -174,16 +174,22 @@ class CGI
 # is used internally for automatically generated
 # session ids.
 def create_new_id
- require 'digest/md5'
- md5 = Digest::MD5::new
- now = Time::now
- md5.update(now.to_s)
- md5.update(String(now.usec))
- md5.update(String(rand(0)))
- md5.update(String($$))
- md5.update('foobar')
+ require 'secrand'
+ begin
+ session_id = SecRand.hex(16)
+ rescue NotImplementedError
+ require 'digest/md5'
+ md5 = Digest::MD5::new
+ now = Time::now
+ md5.update(now.to_s)
+ md5.update(String(now.usec))
+ md5.update(String(rand(0)))
+ md5.update(String($$))
+ md5.update('foobar')
+ session_id = md5.hexdigest[0,16]
+ end
 @new_session = true
- md5.hexdigest[0,16]
+ session_id
 end
 private :create_new_id |
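Review bot: The `rescue NotImplementedError` branch in `create_new_id` silently falls back to the old MD5 construction, whose inputs (`now.to_s`, `now.usec`, `rand(0)`, `$$` and the constant `'foobar'`) contain no secret, so on a platform without a secure random source the session id stays guessable and nothing tells the operator. At minimum the branch should say so, for example a comment `# WARNING: fallback id is not cryptographically strong` together with `warn "cgi/session: no secure random source, session ids are predictable" if $VERBOSE`; failing closed would be stricter but changes behaviour for existing deployments. The two paths may also return ids of different length: the fallback truncates to 16 hex characters, while `SecRand.hex(16)` presumably yields 16 random bytes (32 hex characters). That is worth confirming against lib/secrand.rb, which is not shown here, and against any session storage code that assumes a fixed id length.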