[imp] Imp 3.0 - random number generation

Jon Parise jon@horde.org
Wed, 17 Apr 2002 11:28:43 -0400


On Wed, Apr 17, 2002 at 08:26:11AM -0400, Scott Kearney wrote:

> What method does Horde use to determine random numbers for session 
> generation? We're running a production environment here across four 
> servers with a shared session file space on an NFS drive. The chief 
> concerns are:

Horde uses PHP sessions.  See the php_session_create_id() function
here:

    http://cvs.php.net/co.php/php4/ext/session/session.c

>  - whether it's possible for two servers to generate the same, 
> conflicting, session files

Possible, but improbable.

>  - the randomness of the generated session IDs, there is some concern 
> about session id hijacking

They're pretty random (based on the random number generation
capabilities of your machine).

-- 
Jon Parise (jon@csh.rit.edu)  .  Information Technology (2001)
http://www.csh.rit.edu/~jon/  :  Computer Science House Member
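
Added example, not part of the original thread or of Horde/PHP code: a birthday-bound calculation showing how both concerns above (two servers producing the same session ID, and an ID being guessed) depend on the effective entropy of the generator rather than on the length of the ID string. The entropy figures, session counts and function names are assumptions chosen for illustration.

```python
import math

def collision_probability(entropy_bits, sessions):
    """Birthday bound: chance that at least two of `sessions` IDs collide
    when every ID carries `entropy_bits` bits of real randomness."""
    pairs = sessions * (sessions - 1) / 2
    # expm1 keeps precision when the probability is far below 1e-16
    return -math.expm1(-pairs / 2.0 ** entropy_bits)

def guess_probability(entropy_bits, live_sessions, guesses):
    """Upper bound on the chance that any of `guesses` blind guesses
    matches one of `live_sessions` valid IDs."""
    return min(1.0, live_sessions * guesses / 2.0 ** entropy_bits)

def sessions_for_risk(entropy_bits, max_probability):
    """Largest number of stored sessions that keeps the collision
    probability at or below `max_probability`."""
    # Invert p = 1 - exp(-n^2 / 2^(bits+1)), using n(n-1) ~ n^2
    return int(math.sqrt(-2.0 ** (entropy_bits + 1) * math.log1p(-max_probability)))

# Constructed scenarios: entropy figures are illustrative, not measured from PHP.
SCENARIOS = [
    ("weak generator, 32 bits", 32),
    ("64 bits", 64),
    ("full 128 bits", 128),
]

def report(sessions=100_000, guesses=10**9):
    """One row per scenario: (label, collision probability, guess bound)."""
    rows = []
    for label, bits in SCENARIOS:
        rows.append((label,
                     collision_probability(bits, sessions),
                     guess_probability(bits, sessions, guesses)))
    return rows

if __name__ == "__main__":
    for label, p_collide, p_guess in report():
        print(f"{label:26s} collision={p_collide:.3e}  guess hit<={p_guess:.3e}")
```

The session count that matters for a shared NFS store is the total across all servers writing to it, since every server draws from the same ID space.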