hippich / Bitcoin-Poker-Room

Sources for Bitcoin Poker Room.
http://betco.in
Other
132 stars 87 forks

String::Random not generating unique auth codes in lib/Room/Controller/Root.pm #83

Closed gg closed 13 years ago

gg commented 13 years ago

Depending on how ./script/room_server.pl is launched (i.e. with the -f option), String::Random may not generate unique auth codes for each user, and this causes problems with the pokernetwork backend.

String::Random uses rand to generate random strings. When the -f option is used, Catalyst handles each request in a newly forked process. The Catalyst developers (#catalyst in irc.perl.org) informed me that the RNG is initialized (seeded) before forking a new process, so rand will be generating its "first" random number and will return the same value on each request.

More specifically, if Catalyst uses $NUM processes to handle requests, since the RNG is initialized before fork, then you have $NUM processes handling requests with identical RNG state. So if the first five requests are handled by five different processes, each of them will be generating its "first" random number and will return the same value. To avoid this problem, srand should be called in every process once after the fork. A developer in #catalyst says "the simplest way would be something like srand unless $MyApp:ID_SRAND++;".

Another possible solution is to use the user's session id (from the room_session cookie) as the auth code. Or perhaps Perl's Data::UUID module can be used instead of String::Random.
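Added illustration of the pre-fork RNG problem described in this issue (not code from the repository, and in Python rather than the Perl the room server uses): the parent seeds an RNG once, forks several workers that each copy that state, and every worker's first auth code comes out identical. Reseeding once per child after the fork, the `srand`-after-fork fix suggested above, gives distinct codes. The seed value is constructed, and the script assumes a Unix system with `os.fork`.

```python
import os
import random
import string

ALPHABET = string.ascii_letters + string.digits

def auth_code(rng, length=16):
    """Build a String::Random-style alphanumeric code from the given RNG."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def codes_from_forked_workers(n_workers, reseed_after_fork):
    """Seed an RNG once in the parent, fork n_workers children and collect
    the first auth code each child generates. This mirrors a pre-forking
    server whose RNG state is duplicated into every request handler."""
    # Constructed seed standing in for the seeding that happens before fork.
    # An explicit Random instance is used because Python reseeds only the
    # module-level random functions after fork; Perl's rand, like this
    # instance, keeps the parent's state in every child.
    rng = random.Random(1234)
    readers = []
    for _ in range(n_workers):
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:                        # child: the "request handler"
            os.close(r)
            if reseed_after_fork:
                rng.seed(os.urandom(16))    # the fix: reseed once per process
            os.write(w, auth_code(rng).encode())
            os.close(w)
            os._exit(0)
        os.close(w)
        readers.append((pid, r))
    codes = []
    for pid, r in readers:
        codes.append(os.read(r, 64).decode())
        os.close(r)
        os.waitpid(pid, 0)
    return codes

if __name__ == "__main__":
    print("without reseed:", codes_from_forked_workers(5, False))
    print("with reseed:   ", codes_from_forked_workers(5, True))
```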

hippich commented 13 years ago

I'd like to use "the user's session id (from the room_session cookie) as the auth code."