* lib/cgi/session.rb: use secrand for generating cookies.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12476 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -2,6 +2,8 @@ Fri Jun  8 14:26:18 2007  Tanaka Akira  <akr@fsij.org>
 
 	* lib/secrand.rb: new file for secure random interface.
 
+	* lib/cgi/session.rb: use secrand for generating cookies.
+
 Fri Jun  8 12:44:37 2007  NAKAMURA Usaku  <usa@ruby-lang.org>
 
 	* {win32,wince}/Makefile.sub: add lex.c rule.

lib/cgi/session.rb

@@ -174,16 +174,22 @@ class CGI
     # is used internally for automatically generated
     # session ids. 
     def create_new_id
-      require 'digest/md5'
-      md5 = Digest::MD5::new
-      now = Time::now
-      md5.update(now.to_s)
-      md5.update(String(now.usec))
-      md5.update(String(rand(0)))
-      md5.update(String($$))
-      md5.update('foobar')
+      require 'secrand'
+      begin
+        session_id = SecRand.hex(16)
+      rescue NotImplementedError
+        require 'digest/md5'
+        md5 = Digest::MD5::new
+        now = Time::now
+        md5.update(now.to_s)
+        md5.update(String(now.usec))
+        md5.update(String(rand(0)))
+        md5.update(String($$))
+        md5.update('foobar')
+        session_id = md5.hexdigest[0,16]
+      end
       @new_session = true
-      md5.hexdigest[0,16]
+      session_id
     end
     private :create_new_id