perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vincent Veyron <vv.li...@wanadoo.fr>
Subject Re: random token re-used in subsequent requests
Date Tue, 17 May 2016 12:11:13 GMT
On Tue, 17 May 2016 10:16:43 +0200
André Warnier <aw@ice-sa.com> wrote:
> 
> I don't see above any signifiant difference in configuration between the servers, apart

> from the fact that the "faulty" server runs a 64-bit version of perl.

Sorry : slightly digressive rant about the fact that every time I compare my configs, I find
some subtle differences. Should be getting into config management tools, but that takes time
too.

> 
> Now I also found this :
>    http://rabexc.org/posts/randomizing-should-be-easy-right-oh
> 
> I am not sure that I really understand this all the way down, but would this not be a

> suspect in a case where the behaviour seems different between one 64-bit machine, and
a 
> bunch of 32-bit ones ?

Nope; same results on both types when running the script

> 
> This being said, it still looks to me as if the current code is flawed on *all* machines,

> and *will* repeat keys quite often. It just depends again on the exact sequence of 
> requests hitting a specific Apache, and the other parameters I mentioned before.
> I still believe that the fact that it does not *seem* to happen, is just due to the 
> inherent randomness of these other factors on the production machines.
> 

Well, I already posted a test with ab and 12 000 requests, so not sure about the 'quite often'
part?

This is on the faulty one :

xxxx@arsene:~$ perl -le '%h=();for (1..10_000_000) {my $session_id = join "", map +(0..9,"a".."z","A".."Z")[rand(10+26*2)],
1..32;$h{$session_id}=1};$v=keys %h; print $v'
10000000


-- 
					Bien à vous, Vincent Veyron 

https://libremen.com
Logiciels de gestion, libres

Mime
View raw message