On 5/26/07, Jonathan Rockway <[EMAIL PROTECTED]> wrote:
> Please keep in mind that by "rare", he means that you would have to generate 2317195645184714165087019331424 sessions per second for 10000000000 years in order to have a 50% chance of colliding with an existing session.

Or you could have it happen on the first try. It's just probability. If duplicate session IDs are a major concern for your application, generating them from mod_unique_id or a database sequence should prevent the possibility, and verifying your cookies with a MAC of some kind will prevent people from taking advantage of predictable IDs. It doesn't sound like this is the problem Bill was talking about though.

- Perrin

_______________________________________________
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/
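
The combination suggested in the message above (collision-free sequential IDs plus a MAC on the cookie), sketched as an added example that is not part of the original post or of Catalyst. It is written in Python rather than Perl; `SERVER_KEY`, the in-process counter standing in for a database sequence, the `id.mac` cookie layout and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import itertools
import secrets

# Constructed for the example: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

# Stand-in for a database sequence: IDs never collide but are fully predictable.
_sequence = itertools.count(1000)


def next_session_id() -> str:
    return str(next(_sequence))


def sign_cookie(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return 'id.mac', where mac = HMAC-SHA256(key, id) in hex."""
    mac = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the session ID if the MAC verifies, otherwise None."""
    session_id, sep, mac = cookie.rpartition(".")
    if not sep or not session_id:
        return None  # no MAC attached at all
    expected = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not reveal how much of the MAC matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return session_id


def with_guessed_id(cookie: str, guessed_id: str) -> str:
    """Model a client that edits the ID but can only reuse the MAC it was issued."""
    _, _, mac = cookie.rpartition(".")
    return f"{guessed_id}.{mac}"


if __name__ == "__main__":
    first = sign_cookie(next_session_id())
    second_id = next_session_id()
    print(verify_cookie(first))                              # the issued ID
    print(verify_cookie(with_guessed_id(first, second_id)))  # None: MAC mismatch
```

The MAC only binds the ID to the server's key; it does not stop a cookie that was copied whole from being replayed, so expiry and transport protection are still needed.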