Re: MD5-based Unique Session ID Generator

by pelagic (Priest)
on Aug 19, 2004 at 14:12 UTC


in reply to MD5-based Unique Session ID Generator

Why do you use time 2 times in your list?
It will be the same both times.

pelagic

Replies are listed 'Best First'.
Re^2: MD5-based Unique Session ID Generator
by stvn (Monsignor) on Aug 19, 2004 at 14:29 UTC
    Why do you use time 2 times in your list? It will be the same both times.

    I assume you are referring to dragonchild's code since the OP doesn't have time in there twice.

    It will not matter if the time is the same, the idea is to generate a (sorta) unique string, and it will do that. Once put through md5_hex, it won't much matter after that. MD5 will give you the true uniqueness, all you really need is a bit of entropy to get it started.

    -stvn
      To add "time" a second time does not make the string more unique than with just once "time".
      It makes the theoretical entropy higher but that's not the target here as we are not defending hackers. We just want to avoid collisions. The uniqueness of the id's must be achieved before feeding them through MD5.

      pelagic
        To add "time" a second time does not make the string more unique than with just once "time".

        I agree that adding time the second time really does not add a whole lot to the uniqueness of the string. But what does it hurt?

        The uniqueness of the id's must be achieved before feeding them through MD5.

        Given that it is highly unlikely that two sessions will be created within the same Apache child process and less than a second away from one another, just doing $$ . time() would likely be sufficient. But then again, this is not my technique (see below for that).

        -stvn
      If we're talking about getting entropy, why don't we go with a better entropy source than the minor disparity between the two calls to time, which at MOST will vary by one digit, which is not very entropic. Why don't you just call hotbits and grab some radioactive decay data in hex format, break it apart and loop over it to give us some real entropy. That WILL decidedly minimize the chance of collisions. Since you're already acting against data returned by Sys::Hostname, this should be right up the alley of what you're doing.
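
The uniqueness-versus-entropy question debated in this thread, as an added example that is not code from any poster: it hashes identical pid and time inputs with and without the doubled time, then compares that with an ID read from the operating system's random source. The sub names, the sample pid and timestamp, the 32768-entry pid range, the one-hour window and the use of /dev/urandom are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Scheme under discussion: MD5 over process id and time().
# Inputs are parameters so the demonstration is deterministic.
sub weak_session_id {
    my ($pid, $time) = @_;
    return md5_hex($pid . $time);
}

# Same scheme with time appended a second time.
sub weak_session_id_twice {
    my ($pid, $time) = @_;
    return md5_hex($pid . $time . $time);
}

# Alternative: 128 bits from the OS CSPRNG, hex-encoded.
# Assumes a Unix-like system that provides /dev/urandom.
sub random_session_id {
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, 16);
    close($fh);
    die "short read from /dev/urandom\n" unless defined $got && $got == 16;
    return unpack('H*', $bytes);
}

# Constructed sample: one Apache child (pid 4242) creating two
# sessions within the same second.
my ($pid, $now) = (4242, 1092925740);

printf "pid.time collides:        %s\n",
    weak_session_id($pid, $now) eq weak_session_id($pid, $now) ? 'yes' : 'no';
printf "pid.time.time collides:   %s\n",
    weak_session_id_twice($pid, $now) eq weak_session_id_twice($pid, $now) ? 'yes' : 'no';
printf "urandom ids collide:      %s\n",
    random_session_id() eq random_session_id() ? 'yes' : 'no';

# Size of the input space MD5 is hashing, assuming a 32768-entry pid
# range and a one-hour window of possible creation times.
my $inputs = 32768 * 3600;
printf "distinct pid.time inputs: %d (about %.1f bits; urandom id: 128 bits)\n",
    $inputs, log($inputs) / log(2);
```

MD5 is deterministic, so equal inputs give equal IDs however many times time is appended, and the hash output can never hold more variety than the inputs fed to it.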
