From cdacfe1cb5156c4bde158f0592d1dd3c445be7dd Mon Sep 17 00:00:00 2001
From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Thu, 23 Jun 2011 15:17:25 +0200
Subject: [PATCH] Prozess-ID & Uhrzeit nicht sichtbar in Session-Keys verwenden

---
 SL/Auth.pm | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/SL/Auth.pm b/SL/Auth.pm
index fd3bb0326..e2b54906c 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -815,12 +815,15 @@ sub create_unique_sesion_value {
   my $key                   = "$$-" . ($now[0] * 1000000 + $now[1]) . "-";
   $self->{unique_counter} ||= 0;
 
-  $self->{unique_counter}++ while exists $self->{SESSION}->{$key . ($self->{unique_counter} + 1)};
-  $self->{unique_counter}++;
+  my $hashed_key;
+  do {
+    $self->{unique_counter}++;
+    $hashed_key = md5_hex($key . $self->{unique_counter});
+  } while (exists $self->{SESSION}->{$hashed_key});
 
-  $self->set_session_value($key . $self->{unique_counter} => $value);
+  $self->set_session_value($hashed_key => $value);
 
-  return $key . $self->{unique_counter};
+  return $hashed_key;
 }
 
 sub save_form_in_session {
-- 
2.20.1