Ryan M Harris wrote: > What is the most secure way of generating a session number? > > I have used the following formula in the past. Is it secure (from a > randomness perspective)? Any way to make it more secure/random? > > sessionid = md5( <REMOTE_IP> + REMOTE_USER_AGENT> + rand() (5 bytes from > here) + microtime() ) Aside from it I often add extra time(). microtime() is too periodic, and time still increase. ;)) -- ## Adam Osuchowski adwolat_private, adwolat_private ## Silesian University of Technology, Computer Centre Gliwice, Poland
This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 12:49:14 PST