From cdacfe1cb5156c4bde158f0592d1dd3c445be7dd Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Thu, 23 Jun 2011 15:17:25 +0200 Subject: [PATCH] Prozess-ID & Uhrzeit nicht sichtbar in Session-Keys verwenden --- SL/Auth.pm | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/SL/Auth.pm b/SL/Auth.pm index fd3bb0326..e2b54906c 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -815,12 +815,15 @@ sub create_unique_sesion_value { my $key = "$$-" . ($now[0] * 1000000 + $now[1]) . "-"; $self->{unique_counter} ||= 0; - $self->{unique_counter}++ while exists $self->{SESSION}->{$key . ($self->{unique_counter} + 1)}; - $self->{unique_counter}++; + my $hashed_key; + do { + $self->{unique_counter}++; + $hashed_key = md5_hex($key . $self->{unique_counter}); + } while (exists $self->{SESSION}->{$hashed_key}); - $self->set_session_value($key . $self->{unique_counter} => $value); + $self->set_session_value($hashed_key => $value); - return $key . $self->{unique_counter}; + return $hashed_key; } sub save_form_in_session { -- 2.20.1