session.rb: SHA512

* lib/cgi/session.rb (create_new_id): use SHA512 instead of MD5. pointed out by SARWAR JAHAN. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@51748 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-09-03 12:12:14 +0000
committer: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2015-09-03 12:12:14 +0000
commit: 16dbb79e88afc21bf1621acff54cabf1757430b1 ()
tree: 8626a9da2795d74022fc0551f0d71a67e543332e /lib/cgi/session.rb
parent: 5f6dedda011f51de104dcaedf309bc0dad4cac45 (diff)
1 files changed, 14 insertions, 12 deletions
@@ -163,24 +163,26 @@ class CGI
 # Create a new session id.
 #
- # The session id is an MD5 hash based upon the time,
- # a random number, and a constant string. This routine
- # is used internally for automatically generated
- # session ids.
 def create_new_id
 require 'securerandom'
 begin
 session_id = SecureRandom.hex(16)
 rescue NotImplementedError
- require 'digest/md5'
- md5 = Digest::MD5::new
 now = Time::now
- md5.update(now.to_s)
- md5.update(String(now.usec))
- md5.update(String(rand(0)))
- md5.update(String($$))
- md5.update('foobar')
- session_id = md5.hexdigest
 end
 session_id
 end
author	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-09-03 12:12:14 +0000
committer	nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2015-09-03 12:12:14 +0000
commit	16dbb79e88afc21bf1621acff54cabf1757430b1 ()
tree	8626a9da2795d74022fc0551f0d71a67e543332e /lib/cgi/session.rb
parent	5f6dedda011f51de104dcaedf309bc0dad4cac45 (diff)