Re: random token re-used in subsequent requests
On Wed, 18 May 2016 09:35:45 -0400 Lathan Bidwell wrote: > Is it possible that its not a problem of the rand, but a problem of the ||= > ? > > Try debugging the value before you set it. It could be a scoping issue > where the old value stays in the variable and then ||= doesn't overwrite it. > Hi Lathan, That's not it I'm afraid : below is this output in error_log before and after ||=, you can see that the value is undefined first, then set to a previous value after a few iterations Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : RzFMMRznJ9fRaHgVU27AQdrN4WgMr7cH at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : 45GJYXZvPkMw55Zfkxr2H3EnN7S19Wzw at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : xW0r3dUFFDfeTxzQnftxhMm2PyoX12Bc at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : 8Os5Dyfmpch7DWOdZ0yvn1JN7aVrT9q3 at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : VpCyv6GmeQwPqnD84nYBVGJeS93g64of at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : 7YoiW2abgrnno8nivS8VYoEXKKh9K2KI at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : nNDYxt5EocI8gjXwq7Lc5FczPdfcNKPn at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : RzFMMRznJ9fRaHgVU27AQdrN4WgMr7cH at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : 45GJYXZvPkMw55Zfkxr2H3EnN7S19Wzw at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : xW0r3dUFFDfeTxzQnftxhMm2PyoX12Bc at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : 8Os5Dyfmpch7DWOdZ0yvn1JN7aVrT9q3 at /home/lib/Compta/Base/Handler/entry.pm line 150. Use of uninitialized value in concatenation (.) or string at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : at /home/lib/Compta/Base/Handler/entry.pm line 146. Token : VpCyv6GmeQwPqnD84nYBVGJeS93g64of at /home/lib/Compta/Base/Handler/entry.pm line 150. -- Bien à vous, Vincent Veyron https://compta.libremen.com Logiciel de comptabilité générale, libre
Re: recompiling perl
On Tue, 10 May 2016 09:13:27 -0500 Hiram Gibbard wrote: > If I want to recompile the mod_perl module so that it points to a custom > Perl location, is it as simply as editing the following line: > #!/usr/bin/perl -w Better off using the path to locate perl: #!/bin/env perl will do this on linux (env may be "/usr/bin/env" on BSD, Solaris). One advantage is that this allows you to install a test version of perl in, say, /opt/perl/5.24 then update your path to include that directory for testing. -- Steven Lembark 3646 Flora Pl Workhorse Computing St Louis, MO 63110 lemb...@wrkhors.com +1 888 359 3508
Re: random token re-used in subsequent requests
Is it possible that its not a problem of the rand, but a problem of the ||= ? Try debugging the value before you set it. It could be a scoping issue where the old value stays in the variable and then ||= doesn't overwrite it. *Lathan Bidwell* On Wed, May 18, 2016 at 9:08 AM, Vincent Veyron wrote: > On Wed, 18 May 2016 09:12:17 +0200 > André Warnier wrote: > > > Maybe you can try a BEGIN block. If I remember correctly, under mod_perl > (if you run under > > "registry" to keep the compiled cgi-bin in memory), a BEGIN block should > be run only once, > > when the script is first compiled (by this child). > > Tried that, no dice. And I checked the code on an eeepc, it generates > thousands of unique keys no problem, it's just that one server :-( > > Well, giving up for now. Thank you for your help. > > > -- > Bien à vous, Vincent Veyron > > https://libremen.com > Logiciels de gestion, libres >
Re: random token re-used in subsequent requests
On Wed, 18 May 2016 09:12:17 +0200 André Warnier wrote: > Maybe you can try a BEGIN block. If I remember correctly, under mod_perl (if > you run under > "registry" to keep the compiled cgi-bin in memory), a BEGIN block should be > run only once, > when the script is first compiled (by this child). Tried that, no dice. And I checked the code on an eeepc, it generates thousands of unique keys no problem, it's just that one server :-( Well, giving up for now. Thank you for your help. -- Bien à vous, Vincent Veyron https://libremen.com Logiciels de gestion, libres
Re: random token re-used in subsequent requests
On 18.05.2016 01:23, Vincent Veyron wrote:
On Tue, 17 May 2016 20:41:28 +0200
demerphq wrote:
If you fork before you call (s)rand then each child process will have
their own copy of the flag, which will be false, and thus will cause
srand() to be called in the subprocess properly.
So now I'm lost : I understand this as meaning that one should _not_ call srand
in mod_perl, since each child process is forked by Apache?
In any case, I tried to use srand per André's suggestion and your other post:
my $seed = time ^ $$ ;
srand($seed);
No, this will re-seed it every time, which is also not the point.
The explicit call to srand(), in any given child, should happen only once.
Maybe you can try a BEGIN block. If I remember correctly, under mod_perl (if you run under
"registry" to keep the compiled cgi-bin in memory), a BEGIN block should be run only once,
when the script is first compiled (by this child).
Now, "demerphg" says that this is all not valid, according to the perl source - which he
consulted and I did not - so it is only my own best guess.
But it is not very expensive to try.
my $token = pack "LC*", time, map int rand 256, 1..32 ;
my $session_id = encode_base64($token);
It does not solve the problem : the same key is regenerated several times, I
suppose because time is in seconds, and the machine serves 40 requests/second,
so the seed gets reused?
I tried using /dev/random, but this dies after two requests
my $seed;
open(RAND, "/dev/random") or die "no /dev/random?\n";
read (RAND, $seed, 4);
close(RAND);
srand(unpack("L", $seed));
Many posts on the web suggest using modules such as Math::Random. If I have to
install additional modules, I'd prefer to use the Debian packaging system, for
maintenance reasons. Is libcrypt-random-seed-perl a possibility?
Still don't understand why the problem does not show up in the other machines,
no matter what I throw at them.
