Mailing list home
  Find posts   Help

Latest messageRecent messages

In this thread:
 First
 Prev
 Next
 See whole thread
By msg id:
 Prev: 5 Mar 2003 18:44
 Next: 5 Mar 2003 11:06

Other threads:
 Prev: server side cookie handling example ...
 Next: RWT: Rebol Server Pages the Manual

Same author:
 Prev: 2 Mar 2003 8:29
 Next: 5 Mar 2003 13:00

 Random message

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
26-Jul 23:46 UTC
[0.055] 9.359k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

[REBOL] Re: RWT: Cookies

From: rebol:laurent-chevalier at: 5-Mar-2003 8:24


Hi Petr,

I'm using this function to generate unique and secure session ID in my
rsp.cgi :

build-id: has [ id ][
   random/seed join now/precise either config/log-path [		 checksum read
config/log-path ][ checksum to-string now/precise ]
   until [
     id: make string! (config/session-key-length + 5)
     loop config/session-key-length [ append id first random
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
 ]
     not exists? to-file rejoin [config/session-dir id ext]
   ]
   id
]

Note the definition of a unique seed with random/seed to avoid
repetition of ID.

I'm getting entropy that to checksum read configl/log-path that depends
on the users of the service and so can be guess by any hacker.

See the code and documentation at http://www.shlik.org/rsp

Regards,
Laurent

Maarten Koopmans wrote:

1 · 2 · 3 · 4 · 5 · [6] · 7 · 8 ... 13 · 14 · 15 · 16 · 17 · See whole thread