From 44aff437b488fd59868e59375172f15a933b3e71 Mon Sep 17 00:00:00 2001
From: hns <hannesw@gmail.com>
Date: Mon, 29 Jul 2002 18:11:51 +0000
Subject: [PATCH] Better session cookie creation algorithm. Random number and
 timestamp are now woven into one number. Both shorter and (presumably) more
 secure.

---
 src/helma/servlet/AbstractServletClient.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/helma/servlet/AbstractServletClient.java b/src/helma/servlet/AbstractServletClient.java
index a409b836..3a45fbb3 100644
--- a/src/helma/servlet/AbstractServletClient.java
+++ b/src/helma/servlet/AbstractServletClient.java
@@ -148,8 +148,9 @@ public abstract class AbstractServletClient extends HttpServlet {
 
 	    // check if we need to create a session id
 	    if (reqtrans.session == null) {
-	        reqtrans.session = Long.toString (Math.round (Math.random ()*Long.MAX_VALUE), 16);
-	        reqtrans.session += "@"+Long.toString (System.currentTimeMillis (), 16);
+	        reqtrans.session = Long.toString (
+	            Math.round (Math.random ()* Long.MAX_VALUE) -
+	            System.currentTimeMillis (), 36);
 	        Cookie c = new Cookie("HopSession", reqtrans.session);
 	        c.setPath ("/");
 	        if (cookieDomain != null)