* lib/cgi/session.rb: use secrand for generating cookies.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12476 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-06-08 05:39:13 +0000
committer: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-06-08 05:39:13 +0000
commit: b1cd416c1a446f2e47e964ee6e9d77461a16427d (patch)
tree: 749c85a49be920b92e9a33e25088e7f6fe06e3c3 /lib/cgi/session.rb
parent: 94fdd87fddb977ba4a9075a05476bc6fc294b746 (diff)
1 files changed, 15 insertions, 9 deletions
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index d2a1be4aab..7539be37c3 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -174,16 +174,22 @@ class CGI
     # is used internally for automatically generated
     # session ids. 
     def create_new_id
-      require 'digest/md5'
-      md5 = Digest::MD5::new
-      now = Time::now
-      md5.update(now.to_s)
-      md5.update(String(now.usec))
-      md5.update(String(rand(0)))
-      md5.update(String($$))
-      md5.update('foobar')
+      require 'secrand'
+      begin
+        session_id = SecRand.hex(16)
+      rescue NotImplementedError
+        require 'digest/md5'
+        md5 = Digest::MD5::new
+        now = Time::now
+        md5.update(now.to_s)
+        md5.update(String(now.usec))
+        md5.update(String(rand(0)))
+        md5.update(String($$))
+        md5.update('foobar')
+        session_id = md5.hexdigest[0,16]
+      end
       @new_session = true
-      md5.hexdigest[0,16]
+      session_id
     end
     private :create_new_id
author	akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-06-08 05:39:13 +0000
committer	akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-06-08 05:39:13 +0000
commit	b1cd416c1a446f2e47e964ee6e9d77461a16427d (patch)
tree	749c85a49be920b92e9a33e25088e7f6fe06e3c3 /lib/cgi/session.rb
parent	94fdd87fddb977ba4a9075a05476bc6fc294b746 (diff)