[ic] Length of session id
ic at 3edge.com
Wed Sep 20 13:42:48 EDT 2006
Oleg Raskin writes:
> Greetings, list!
>
> For the sake of security I have been looking for a way to increase the
> length of the session id from 8 characters to something longer.
> Unfortunately, this doesn't seem to be addressed anywhere in the
> documentation or the list archive. I have also noticed by visiting a few
> of the sites in the "hall of fame" that they also use 8-character session
> id's. Is there any configuration or setting that may address this?
>
> Thanks.
From what I can see in the code, the session id is assigned in
Vend/Session.pm by:

    $Vend::SessionID = random_string();

The random_string sub is found in Vend/Util.pm, and there it says:

    sub random_string {
        my ($len) = @_;
        $len = 8 unless $len;
        my ($r, $i);
        $r = '';
        for ($i = 0; $i < $len; ++$i) {
            $r .= substr($random_chars, int(rand(length($random_chars))), 1);
        }
        $r;
    }

As there is no parameter passed to random_string it takes 8 ... It could be
something relatively simple to make configurable I suppose?
CU,
Gert
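
An added example, not part of the original post and not Interchange's own code: a variant of the random_string() sub quoted above that takes the length from the caller and draws its characters from /dev/urandom rather than rand(), printing the size of the ID space for a few lengths. The alphabet (the post does not show the contents of $random_chars) and the names urandom_bytes, secure_random_string and id_bits are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed alphabet: the post does not show what $random_chars contains.
my $random_chars = join '', 'A'..'Z', 'a'..'z', '0'..'9';

# Hypothetical helper: read $n bytes from the kernel CSPRNG.
sub urandom_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = read($fh, $buf, $n - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless $got;
    }
    close $fh;
    return $buf;
}

# Same interface as random_string() in the post (default length 8),
# but Perl's rand() is not a cryptographic generator, so bytes come
# from the kernel instead.
sub secure_random_string {
    my ($len) = @_;
    $len = 8 unless $len;
    my $n = length $random_chars;
    die "alphabet must have 1..256 characters" if $n < 1 || $n > 256;
    # Reject bytes >= $limit so every character is equally likely
    # (avoids modulo bias when 256 is not a multiple of $n).
    my $limit = 256 - (256 % $n);
    my $r = '';
    while (length($r) < $len) {
        for my $byte (unpack 'C*', urandom_bytes($len)) {
            next if $byte >= $limit;
            $r .= substr($random_chars, $byte % $n, 1);
            last if length($r) == $len;
        }
    }
    return $r;
}

# Size of the ID space in bits: length * log2(alphabet size).
sub id_bits {
    my ($len) = @_;
    return $len * log(length $random_chars) / log(2);
}

for my $len (8, 16, 32) {
    printf "%2d chars  %6.1f bits  %s\n", $len, id_bits($len), secure_random_string($len);
}
```

The bit count is an upper bound set by length and alphabet; an ID only reaches it when the generator behind it is unpredictable.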