-rw-r--r--ChangeLog2
-rw-r--r--lib/cgi/session.rb24
2 files changed, 17 insertions, 9 deletions
diff --git a/ChangeLog b/ChangeLog
index 6479093f35..02b6305813 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@ Fri Jun 8 14:26:18 2007 Tanaka Akira <akr@fsij.org>
* lib/secrand.rb: new file for secure random interface.
+ * lib/cgi/session.rb: use secrand for generating cookies.
+
Fri Jun 8 12:44:37 2007 NAKAMURA Usaku <usa@ruby-lang.org>
* {win32,wince}/Makefile.sub: add lex.c rule.
diff --git a/lib/cgi/session.rb b/lib/cgi/session.rb
index d2a1be4aab..7539be37c3 100644
--- a/lib/cgi/session.rb
+++ b/lib/cgi/session.rb
@@ -174,16 +174,22 @@ class CGI
# is used internally for automatically generated
# session ids.
def create_new_id
- require 'digest/md5'
- md5 = Digest::MD5::new
- now = Time::now
- md5.update(now.to_s)
- md5.update(String(now.usec))
- md5.update(String(rand(0)))
- md5.update(String($$))
- md5.update('foobar')
+ require 'secrand'
+ begin
+ session_id = SecRand.hex(16)
+ rescue NotImplementedError
+ require 'digest/md5'
+ md5 = Digest::MD5::new
+ now = Time::now
+ md5.update(now.to_s)
+ md5.update(String(now.usec))
+ md5.update(String(rand(0)))
+ md5.update(String($$))
+ md5.update('foobar')
+ session_id = md5.hexdigest[0,16]
+ end
@new_session = true
- md5.hexdigest[0,16]
+ session_id
end
private :create_new_id
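Review bot: The `rescue NotImplementedError` branch in create_new_id silently falls back to the old MD5 construction over the time, `rand(0)`, the pid and a constant string, so on a platform without a secure random source the session ids stay guessable and nothing tells the operator. Consider emitting a warning in that branch, e.g. `warn "cgi/session: no secure random source; session ids are predictable"`, or letting the error propagate so the application fails closed. The two branches may also return ids of different length: the fallback keeps 16 hex characters, while `SecRand.hex(16)` presumably yields 16 random bytes, i.e. 32 hex characters (secrand.rb is not shown here), which matters if anything downstream assumes a fixed id length. A short comment above the `begin` saying why the fallback exists would help the next reader.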