* lib/securerandom.rb: new file.

* lib/cgi/session.rb (create_new_id): use securerandom if available. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8@13672 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-10-10 14:37:42 +0000
committer: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2007-10-10 14:37:42 +0000
commit: f1a422e837e823d1b76e7e41887a00146296b8d5 (patch)
tree: e217fa94611b066a4e40d4d505937e09b59cf41a /lib/cgi
parent: 8183265212cab122fb7564d9e17c3b04f8d2b974 (diff)
1 files changed, 15 insertions, 9 deletions
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index 82eb7534d8..63d8cc97b2 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -174,16 +174,22 @@ class CGI
     # is used internally for automatically generated
     # session ids. 
     def create_new_id
-      require 'digest/md5'
-      md5 = Digest::MD5::new
-      now = Time::now
-      md5.update(now.to_s)
-      md5.update(String(now.usec))
-      md5.update(String(rand(0)))
-      md5.update(String($$))
-      md5.update('foobar')
+      require 'securerandom'
+      begin
+        session_id = SecureRandom.hex(16)
+      rescue NotImplementedError
+        require 'digest/md5'
+        md5 = Digest::MD5::new
+        now = Time::now
+        md5.update(now.to_s)
+        md5.update(String(now.usec))
+        md5.update(String(rand(0)))
+        md5.update(String($$))
+        md5.update('foobar')
+        session_id = md5.hexdigest
+      end
       @new_session = true
-      md5.hexdigest
+      session_id
     end
     private :create_new_id
author	akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-10-10 14:37:42 +0000
committer	akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2007-10-10 14:37:42 +0000
commit	f1a422e837e823d1b76e7e41887a00146296b8d5 (patch)
tree	e217fa94611b066a4e40d4d505937e09b59cf41a /lib/cgi
parent	8183265212cab122fb7564d9e17c3b04f8d2b974 (diff)