Ticket #1180: ticket_1180__rev_8168-getrandbits.diff

File ticket_1180__rev_8168-getrandbits.diff, 1.6 KB (added by Ben Slavin, 16 years ago)

Uses getrandbits to get random bits, rather than hacking it with random.randint

  • django/contrib/sessions/backends/base.py

     
    22import md5
    33import os
    44import random
    5 import sys
    65import time
    76from datetime import datetime, timedelta
    87try:
     
    2019    """
    2120    TEST_COOKIE_NAME = 'testcookie'
    2221    TEST_COOKIE_VALUE = 'worked'
     22    RANDOM_BITS = 64
    2323
    2424    def __init__(self, session_key=None):
    2525        self._session_key = session_key
     
    111111        "Returns session key that isn't being used."
    112112        # The random module is seeded when this Apache child is created.
    113113        # Use settings.SECRET_KEY as added salt.
     114        # Using 63 bits wide RAND_MAX means collision probability at
     115        # around 3,000,000,000 keys (that should be quite enough)
     116        # due to the birthday paradox:
     117        # int(sqrt((2 << 62) - 2)) == 3037000499
    114118        try:
    115119            pid = os.getpid()
    116120        except AttributeError:
    117121            # No getpid() in Jython, for example
    118122            pid = 1
    119123        while 1:
    120             session_key = md5.new("%s%s%s%s" % (random.randint(0, sys.maxint - 1),
    121                                   pid, time.time(), settings.SECRET_KEY)).hexdigest()
     124            session_key = md5.new("%s%s%s%s" %
     125                    (random.getrandbits(self.RANDOM_BITS), pid,
     126                        time.time(), settings.SECRET_KEY)).hexdigest()
    122127            if not self.exists(session_key):
    123128                break
    124129        return session_key
Back to Top