45 lines
1.1 KiB
Perl
45 lines
1.1 KiB
Perl
#############################################################################
|
|
#
|
|
# Lemonldap::NG::Common::Apache::Session::Generate::SHA256
|
|
# Generates session identifier tokens using SHA-256
|
|
# Distribute under the Perl License
|
|
#
|
|
############################################################################
|
|
|
|
package Lemonldap::NG::Common::Apache::Session::Generate::SHA256;
|
|
|
|
use strict;
|
|
use Crypt::URandom;
|
|
|
|
our $VERSION = '2.1.0';
|
|
|
|
sub generate {
|
|
my $session = shift;
|
|
my $length = 64;
|
|
|
|
if ( exists $session->{args}->{IDLength} ) {
|
|
$length = $session->{args}->{IDLength};
|
|
}
|
|
|
|
$session->{data}->{_session_id} =
|
|
unpack( 'H*', Crypt::URandom::urandom( int( $length / 2 ) ) );
|
|
}
|
|
|
|
sub validate {
|
|
|
|
#This routine checks to ensure that the session ID is in the form
|
|
#we expect. This must be called before we start diddling around
|
|
#in the database or the disk.
|
|
|
|
my $session = shift;
|
|
|
|
if ( $session->{data}->{_session_id} =~ /^([a-fA-F0-9]+)$/ ) {
|
|
$session->{data}->{_session_id} = $1;
|
|
}
|
|
else {
|
|
die "Invalid session ID: " . $session->{data}->{_session_id};
|
|
}
|
|
}
|
|
|
|
1;
|