[REBOL] Re: RWT: Cookies
From: rebol:laurent-chevalier at: 5-Mar-2003 8:24
Hi Petr,
I'm using this function to generate unique and secure session ID in my
rsp.cgi :
build-id: has [ id ][
random/seed join now/precise either config/log-path [ checksum read
config/log-path ][ checksum to-string now/precise ]
until [
id: make string! (config/session-key-length + 5)
loop config/session-key-length [ append id first random
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
]
not exists? to-file rejoin [config/session-dir id ext]
]
id
]
Note the definition of a unique seed with random/seed to avoid
repetition of ID.
I'm getting entropy that to checksum read configl/log-path that depends
on the users of the service and so can be guess by any hacker.
See the code and documentation at http://www.shlik.org/rsp
Regards,
Laurent
Maarten Koopmans wrote: