view release on metacpan or  search on metacpan

lib/Apache/iNcom/Session.pm  view on Meta::CPAN

    return new Apache::Session::DBIBase64Store $self;
}

sub get_lock_manager {
    my $self = shift;

    return new Apache::iNcom::SessionLocker;
}

# We want longer session id than the 16 characters of
# Apache::Session
# We override the method
sub generate_id {
    # Collision generates error on insert. So we don't
    # really care here if we generate same if twice. 
    # Besides with the random device, this probability
    # is really low.
  SAFE_ID:
    {
	last SAFE_ID unless $HAVE_RANDOM_DEV;
	open $random_dev, "/dev/urandom" or last SAFE_ID;
	my $session_id;
	read $random_dev, $session_id, 16 or last SAFE_ID;
	close $random_dev;

	return unpack( "H*", $session_id );
    }

    # If we got here, this system doesn't have
    # a random device, so we fudge.

    # How much real entropy we got in this ???
    return md5_hex( time(), {}, rand(), $$, 'foo' );
}

1;

__END__

=pod

=head1 NAME

Apache::iNcom::Session - Apache::Session implementation for Apache::iNcom

=head1 SYNOPSIS

use Apache::iNcom::Session;

=head1 DESCRIPTION

This is a subclass of Apache::Session used by the iNcom framework.
This Apache::Session implementation used the DBIBase64Store and NullLocker
for handling session persistence.

The other special thing about this implementation is that session IDs
are 128bits long and generated using the /dev/urandom device if
available.

This is a security feature to make session id very hard to guess.

=head1 AUTHOR

Copyright (c) 1999 Francis J. Lacoste and iNsu Innovations Inc.
All rights reserved.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

=head1 SEE ALSO

Apache::iNcom(3) Apache::Session(3) Apache::Session::DBIBase64Store(3)
Apache::Session::NullLocker(3)

=cut