From f6c12ee50201171c23424f20398ddafaa9b939bc Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 13 May 2008 14:30:49 +0000
Subject: [PATCH] Changed SessionHandlerCookie to use Utilities::generateID for
 session id generation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@548 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/SessionHandlerCookie.php | 22 ++++------------------
 1 file changed, 4 insertions(+), 18 deletions(-)

diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index c325bc5aa..7b82f4035 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -3,6 +3,9 @@
 /* We need access to the configuration from config/config.php. */
 require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php');
 
+/* We need the generateID function from Utilities. */
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
+
 /**
  * This file is part of SimpleSAMLphp. See the file COPYING in the
  * root of the distribution for licence information.
@@ -46,7 +49,7 @@ extends SimpleSAML_SessionHandler {
 		}
 
 		/* We don't have a valid session. Create a new session id. */
-		$this->session_id = self::createSessionID();
+		$this->session_id = SimpleSAML_Utilities::generateID();
 		setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/',
 			NULL, self::secureCookie(), TRUE);
 	}
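Review bot: The switch to `SimpleSAML_Utilities::generateID()` changes how the cookie value is produced, but the patch does not touch the session id validator whose comment further down requires allowed characters and "the correct length". The removed createSessionID() always returned 32 hexadecimal characters, so if generateID() returns another length or alphabet, the cookie set here would presumably fail validation on the next request and a new session would be issued every time. Neither generateID() nor the validator body is visible in this patch, and the enclosing method starts outside the hunk, so both need checking. The removed code also carried `/* TODO: Is rand(...) secure enough? */`, a question that now applies to generateID(). I would record the requirement at the call site, for example `/* Session id must come from a cryptographically strong source and match the format the validator accepts. */`.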
@@ -84,23 +87,6 @@ extends SimpleSAML_SessionHandler {
 	}
 
 
-	/* This static function creates a session id. A session id consists
-	 * of 32 random hexadecimal characters.
-	 *
-	 * Returns:
-	 *  A random session id.
-	 */
-	private static function createSessionID() {
-		$id = '';
-		for($i = 0; $i < 32; $i++) {
-			/* TODO: Is rand(...) secure enough? */
-			$id .= dechex(rand(0, 15));
-		}
-
-		return $id;
-	}
-
-
 	/* This static function validates a session id. A session id is valid
 	 * if it only consists of characters which are allowed in a session id
 	 * and it is the correct length.
-- 
GitLab