On 18.05.2016 01:23, Vincent Veyron wrote:
On Tue, 17 May 2016 20:41:28 +0200
demerphq <demer...@gmail.com> wrote:

If you fork before you call (s)rand then each child process will have
their own copy of the flag, which will be false, and thus will cause
srand() to be called in the subprocess properly.


So now I'm lost: I understand this as meaning that one should _not_ call srand 
in mod_perl, since each child process is forked by Apache?

In any case, I tried to use srand per André's suggestion and your other post:

         my $seed = time ^ $$ ;
         srand($seed);

No, this will re-seed it every time, which is also not the point.
The explicit call to srand(), in any given child, should happen only once.
Maybe you can try a BEGIN block. If I remember correctly, under mod_perl (if you run under "registry" to keep the compiled cgi-bin in memory), a BEGIN block should be run only once, when the script is first compiled (by this child).

Now, "demerphq" says that this is all not valid, according to the perl source - which he consulted and I did not - so it is only my own best guess.
But it is not very expensive to try.

         my $token = pack "LC*", time, map int rand 256, 1..32 ;
         my $session_id = encode_base64($token);

It does not solve the problem: the same key is regenerated several times, I 
suppose because time is in seconds, and the machine serves 40 requests/second, 
so the seed gets reused?

I tried using /dev/random, but this dies after two requests:

         my $seed;
         open(RAND, "/dev/random") or die "no /dev/random?\n";
         read (RAND, $seed, 4);
         close(RAND);
         srand(unpack("L", $seed));

Many posts on the web suggest using modules such as Math::Random. If I have to 
install additional modules, I'd prefer to use the Debian packaging system, for 
maintenance reasons. Is libcrypt-random-seed-perl a possibility?

Still don't understand why the problem does not show up on the other machines, 
no matter what I throw at them.
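
Added example, not part of the original thread and not code from either poster: a stand-alone Perl script that forks four children and counts distinct session tokens when the PRNG state is inherited from the parent, when srand() is called once in each child, and when the bytes are read from the kernel instead. The function names are hypothetical, and it assumes a Linux host where /dev/urandom exists and does not block.

```perl
use strict; use warnings;
use MIME::Base64 qw(encode_base64);
$| = 1;    # unbuffered STDOUT, so forked children never replay parent output

# Token built as in the thread: 32 bytes from rand() (not cryptographically secure).
sub rand_token { encode_base64(pack("C*", map { int(rand(256)) } 1 .. 32), "") }

# Token read from the kernel: no per-process PRNG state to inherit.
# Assumption: a Linux host where /dev/urandom exists and does not block.
sub urandom_token {
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!";
    my $got = read($fh, my $bytes, 32);
    close($fh);
    die "short read from /dev/urandom\n" unless defined $got && $got == 32;
    return encode_base64($bytes, "");
}

# Fork $n children one after another, run $make in each, collect the tokens.
sub tokens_from_children {
    my ($n, $make) = @_;
    my @tokens;
    for (1 .. $n) {
        pipe(my $r, my $w) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {                 # child: emit one token and exit
            close($r);
            print {$w} $make->(), "\n";
            close($w);
            exit 0;
        }
        close($w);                       # parent: read the child's token
        chomp(my $token = <$r>);
        close($r);
        waitpid($pid, 0);
        push @tokens, $token;
    }
    return @tokens;
}

sub distinct { my %seen; $seen{$_}++ for @_; return scalar keys %seen }

rand();    # assumed scenario: the parent has used rand() before forking
my @cases = (
    [ 'seed inherited from parent' => \&rand_token ],
    [ 'srand() once in each child' => sub { srand(); rand_token() } ],
    [ '/dev/urandom per token'     => \&urandom_token ],
);
printf "%-28s %d distinct of 4\n", $_->[0], distinct(tokens_from_children(4, $_->[1]))
    for @cases;
```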


