File Coverage

blib/lib/Apache/Session/Generate/MD5.pm
Criterion Covered Total %
statement 17 17 100.0
branch 4 4 100.0
condition n/a
subroutine 5 5 100.0
pod 0 2 0.0
total 26 28 92.8


line stmt bran cond sub pod time code
1             #############################################################################
2             #
3             # Apache::Session::Generate::MD5;
4             # Generates session identifier tokens using MD5
5             # Copyright(c) 2000, 2001 Jeffrey William Baker (jwbaker@acm.org)
6             # Distribute under the Artistic License
7             #
8             ############################################################################
9              
10             package Apache::Session::Generate::MD5;
11              
12 2     2   1358 use strict;
  2         4  
  2         77  
13 2     2   10 use vars qw($VERSION);
  2         28  
  2         95  
14 2     2   9 use Digest::MD5;
  2         3  
  2         447  
15              
16             $VERSION = '2.1';
17              
18             sub generate {
19 31     31 0 11030 my $session = shift;
20 31         33 my $length = 32;
21            
22 31 100       69 if (exists $session->{args}->{IDLength}) {
23 28         24 $length = $session->{args}->{IDLength};
24             }
25            
26             $session->{data}->{_session_id} =
27 31         390 substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, $length);
28            
29              
30             }
31              
32             sub validate {
33             #This routine checks to ensure that the session ID is in the form
34             #we expect. This must be called before we start diddling around
35             #in the database or the disk.
36              
37 2     2 0 3 my $session = shift;
38            
39 2 100       17 if ($session->{data}->{_session_id} !~ /^[a-fA-F0-9]+$/) {
40 1         13 die;
41             }
42             }
43              
44             1;
45              
46             =pod
47              
48             =head1 NAME
49              
50             Apache::Session::Generate::MD5 - Use MD5 to create random object IDs
51              
52             =head1 SYNOPSIS
53              
54             use Apache::Session::Generate::MD5;
55            
56             $id = Apache::Session::Generate::MD5::generate();
57              
58             =head1 DESCRIPTION
59              
60             This module fulfills the ID generation interface of Apache::Session. The
61             IDs are generated using a two-round MD5 of a random number, the time since the
62             epoch, the process ID, and the address of an anonymous hash. The resultant ID
63             number is highly entropic on Linux and other platforms that have good
64             random number generators. You are encouraged to investigate the quality of
65             your system's random number generator if you are using the generated ID
66             numbers in a secure environment.
67              
68             This module can also examine session IDs to ensure that they are, indeed,
69             session ID numbers and not evil attacks. The reader is encouraged to
70             consider the effect of bogus session ID numbers in a system which uses
71             these ID numbers to access disks and databases.
72              
73             This modules takes one argument in the usual Apache::Session style. The
74             argument is IDLength, and the value, between 0 and 32, tells this module
75             where to truncate the session ID. Without this argument, the session ID will
76             be 32 hexadecimal characters long, equivalent to a 128-bit key.
77              
78             =head1 AUTHOR
79              
80             This module was written by Jeffrey William Baker .
81              
82             =head1 SEE ALSO
83              
84             L