#3507: sessions race condition
---------------------------------------+------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: adrian
Status: new | Component: Contrib apps
Version: SVN | Resolution:
Keywords: sessions | Stage: Unreviewed
Has_patch: 0 | Needs_docs: 0
Needs_tests: 0 | Needs_better_patch: 0
---------------------------------------+------------------------------------
Changes (by ubernostrum):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
I'm not certain that it's something worth worrying about, given the
extreme improbability -- unless I'm misreading, it would require two users
to get the same pair of random numbers in the same order within an
extremely short time of one another. And if we're going to worry about
that probability -- my rough calculation is that such a collision will
happen roughly once in every 4.6 quintillion key generations -- then we're
stuck with no solution; there are also infinitesimally small chances that
two users behind the same NAT would get the same pair of random numbers
(in which case `REMOTE_ADDR` is no good) or would get the same datetime
stamp from different server processes (in which case using a timestamp as
salt is no good), etc.
Or is there something I'm missing here?
--
Ticket URL: <http://code.djangoproject.com/ticket/3507#comment:1>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
