On Tue, 17 May 2016 20:41:28 +0200 demerphq <demer...@gmail.com> wrote: > > If you fork before you call (s)rand then each child process will have > their own copy of the flag, which will be false, and thus will cause > srand() to be called in the subprocess properly. >
So now I'm lost : I understand this as meaning that one should _not_ call srand in mod_perl, since each child process is forked by Apache? In any case, I tried to use srand per André's suggestion and your other post: my $seed = time ^ $$ ; srand($seed); my $token = pack "LC*", time, map int rand 256, 1..32 ; my $session_id = encode_base64($token); It does not solve the problem : the same key is regenerated several times, I suppose because time is in seconds, and the machine serves 40 requests/second, so the seed gets reused? I tried using /dev/random, but this dies after two requests my $seed; open(RAND, "/dev/random") or die "no /dev/random?\n"; read (RAND, $seed, 4); close(RAND); srand(unpack("L", $seed)); Many posts on the web suggest using modules such as Math::Random. If I have to install additional modules, I'd prefer to use the Debian packaging system, for maintenance reasons. Is libcrypt-random-seed-perl a possibility? Still don't understand why the problem does not show up in the other machines, no matter what I throw at them. -- Bien à vous, Vincent Veyron https://compta.libremen.com Logiciel de comptabilité générale, libre