Ticket #1180: use_63bit_random.diff

File use_63bit_random.diff, 1.6 KB (added by mrts, 16 years ago)

Always use 63 bits for random

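--- a/django/contrib/sessions/backends/base.py
+++ b/django/contrib/sessions/backends/base.py
@@ -2,6 +2,5 @@
 import md5
 import os
 import random
-import sys
 import time
 from datetime import datetime, timedelta
 from django.conf import settings
@@ -19,6 +18,7 @@
     """
     TEST_COOKIE_NAME = 'testcookie'
     TEST_COOKIE_VALUE = 'worked'
+    RAND_MAX = (2 << 62) - 2
 
     def __init__(self, session_key=None):
         self._session_key = session_key
@@ -110,14 +114,19 @@
         "Returns session key that isn't being used."
         # The random module is seeded when this Apache child is created.
         # Use settings.SECRET_KEY as added salt.
+        # Using 63 bits wide RAND_MAX means collision probability at
+        # around 3,000,000,000 keys (that should be quite enough)
+        # due to the birthday paradox:
+        # int(sqrt((2 << 62) - 2)) == 3037000499
         try:
             pid = os.getpid()
         except AttributeError:
             # No getpid() in Jython, for example
             pid = 1
         while 1:
-            session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1),
-                                  pid, time.time(), settings.SECRET_KEY)).hexdigest()
+            session_key = md5.new("%s%s%s%s" %
+                    (random.randint(0, self.RAND_MAX), pid,
+                        time.time(), settings.SECRET_KEY)).hexdigest()
             if not self.exists(session_key):
                 break
         return session_key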
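Review bot: The session key on new lines 127-129 still takes its only random input from `random.randint`, which is the module's Mersenne Twister rather than a cryptographic generator, so widening the range to `self.RAND_MAX` makes the range uniform across platforms but does not make keys harder to predict. Where the platform provides an OS entropy source, the value should come from `random.SystemRandom().randint(0, self.RAND_MAX)`, with `random.randint` kept only as the fallback when that raises `NotImplementedError`. The comment added on new lines 117-120 computes a birthday bound for the random component alone, and I would reword it so it is not read as a security margin, for example `# RAND_MAX only bounds accidental collisions; key secrecy rests on SECRET_KEY and the RNG.` The enclosing method's `def` line is outside the hunk, so this is based on the visible body only.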