[ale] Perl random

[Greg Sabino Mullane]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
 
> I want to create session ids to be stored as cookies for use in my PERL
> CGI programs.  The IDs will be store in SQLlite with a key into a table
> that lists all the name value pairs for that session.  What I want to do
> is randomly generate a 64bit number and then convert it into a hex
> string.  This string will be 128 characters long.  I will then set that
> string as the session id in the cookie and insert it into the table.
 
Why the conversion to hex? Either store it in the database as hex, or
simply send the original number to the cookie. No need to complicate matters
by converting back and forth. For that matter, why use hex at all? The
character set is rather limiting: expand it out and you can get the
same non-collision rate at a much smaller character count. Here is an
example from one of my scripts that uses the whole mixed-case alphabet,
plus numbers, for a very unique 42 character string:
 
my @chars = ("A".."Z","a".."z",0..9);
my $loginuid = join"", at chars[map{rand at chars}(1..42)];
 
Throw an unique index on the loginuid column in the database and you are
done. I don't even bother to have the application check if the string
already exists, due to the extremely low chance of collision. (If it does,
the database unique constraint will cause the transaction to fail, and the
user will simply try again.)
 
- --
Greg Sabino Mullane greg at turnstep.com
PGP Key: 0x14964AC8 200404181632
-----BEGIN PGP SIGNATURE-----
 
iD8DBQFAgudBvJuQZxSWSsgRApUQAKCAiTEnCuPm3VSpG9iWLPhKs4Mu+gCgmo/n
egsSsDzYLjBKDha9ju6O9YM=
=y0Gr
-----END PGP SIGNATURE-----