From b1cd416c1a446f2e47e964ee6e9d77461a16427d Mon Sep 17 00:00:00 2001
From: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 8 Jun 2007 05:39:13 +0000
Subject: * lib/cgi/session.rb: use secrand for generating cookies.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12476 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/cgi/session.rb | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

(limited to 'lib')

diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index d2a1be4aab..7539be37c3 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -174,16 +174,22 @@ class CGI
     # is used internally for automatically generated
     # session ids. 
     def create_new_id
-      require 'digest/md5'
-      md5 = Digest::MD5::new
-      now = Time::now
-      md5.update(now.to_s)
-      md5.update(String(now.usec))
-      md5.update(String(rand(0)))
-      md5.update(String($$))
-      md5.update('foobar')
+      require 'secrand'
+      begin
+        session_id = SecRand.hex(16)
+      rescue NotImplementedError
+        require 'digest/md5'
+        md5 = Digest::MD5::new
+        now = Time::now
+        md5.update(now.to_s)
+        md5.update(String(now.usec))
+        md5.update(String(rand(0)))
+        md5.update(String($$))
+        md5.update('foobar')
+        session_id = md5.hexdigest[0,16]
+      end
       @new_session = true
-      md5.hexdigest[0,16]
+      session_id
     end
     private :create_new_id
 
-- 
cgit v1.2.3