On Tue, 17 May 2016 20:41:28 +0200
demerphq <[email protected]> wrote:
>
> If you fork before you call (s)rand then each child process will have
> their own copy of the flag, which will be false, and thus will cause
> srand() to be called in the subprocess properly.
>
So now I'm lost : I understand this as meaning that one should _not_ call srand
in mod_perl, since each child process is forked by Apache?
In any case, I tried to use srand per André's suggestion and your other post:
my $seed = time ^ $$ ;
srand($seed);
my $token = pack "LC*", time, map int rand 256, 1..32 ;
my $session_id = encode_base64($token);
It does not solve the problem : the same key is regenerated several times, I
suppose because time is in seconds, and the machine serves 40 requests/second,
so the seed gets reused?
I tried using /dev/random, but this dies after two requests
my $seed;
open(RAND, "/dev/random") or die "no /dev/random?\n";
read (RAND, $seed, 4);
close(RAND);
srand(unpack("L", $seed));
Many posts on the web suggest using modules such as Math::Random. If I have to
install additional modules, I'd prefer to use the Debian packaging system, for
maintenance reasons. Is libcrypt-random-seed-perl a possibility?
Still don't understand why the problem does not show up in the other machines,
no matter what I throw at them.
--
Bien à vous, Vincent Veyron
https://compta.libremen.com
Logiciel de comptabilité générale, libre
