#3507: sessions race condition
---------------------------------------+------------------------------------
   Reporter:  [EMAIL PROTECTED]  |                Owner:  adrian      
     Status:  new                      |            Component:  Contrib apps
    Version:  SVN                      |           Resolution:              
   Keywords:  sessions                 |                Stage:  Unreviewed  
  Has_patch:  0                        |           Needs_docs:  0           
Needs_tests:  0                        |   Needs_better_patch:  0           
---------------------------------------+------------------------------------
Changes (by ubernostrum):

  * needs_better_patch:  => 0
  * needs_tests:  => 0
  * needs_docs:  => 0

Comment:

 I'm not certain that it's something worth worrying about, given the
 extreme improbability -- unless I'm misreading, it would require two users
 to get the same pair of random numbers in the same order within an
 extremely short time of one another. And if we're going to worry about
 that probability -- my rough calculation is that such a collision will
 happen roughly once in every 4.6 quintillion key generations -- then we're
 stuck with no solution; there are also infinitesimally small chances that
 two users behind the same NAT would get the same pair of random numbers
 (in which case `REMOTE_ADDR` is no good) or would get the same datetime
 stamp from different server processes (in which case using a timestamp as
 salt is no good), etc.
 
 Or is there something I'm missing here?

-- 
Ticket URL: <http://code.djangoproject.com/ticket/3507#comment:1>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to