LP1901930 More randomization to auth session keys

Testing with many parallel SIP clients using the same login credentials
showed that it's possible to have a hash collision when two logins occur
with the same second and using the same username when the same backend
auth_internal process handles the request.  This just adds more
randomness to the hash generation.

Signed-off-by: Bill Erickson <berickxx@gmail.com>

diff --git a/Open-ILS/src/c-apps/oils_auth_internal.c b/Open-ILS/src/c-apps/oils_auth_internal.c
index 948860f..06039f3 100644 (file)
--- a/Open-ILS/src/c-apps/oils_auth_internal.c
+++ b/Open-ILS/src/c-apps/oils_auth_internal.c
@@ -340,8 +340,9 @@ int oilsAuthInternalCreateSession(osrfMethodContext* ctx) {
     // determine the auth/cache timeout
     long timeout = oilsAuthGetTimeout(userObj, login_type, org_unit);
 
-    char* string = va_list_to_string("%d.%ld.%ld", 
-        (long) getpid(), time(NULL), oilsFMGetObjectId(userObj));
+    char* string = va_list_to_string("%ld.%d.%ld.%ld", 
+        random(), (long) getpid(), time(NULL), oilsFMGetObjectId(userObj));
+
     char* authToken = md5sum(string);
     char* authKey = va_list_to_string(
         "%s%s", OILS_AUTH_CACHE_PRFX, authToken);