Forum Discussion

Joern_Oltmann
Feb 15, 2013

How can I create a unique session value with a minimum of server load

Hi all,

I have created an iRule which generates a globally unique cookie for tracking my customer.

I generate this session value like:

set new_session_value "[string range [AES::key 128] 15 end][string range [AES::key 128] 15 end]"

But I think this command is not the best one, because of the server load.

Does anyone have an idea how to create this session value better?

4 Replies

  • I have used a hash (i.e. MD5) value of client IP + port + timestamp.

    Just my 2 cents.
  • I guess it depends on how globally unique you want the value to be. MD5 isn't considered a secure hashing algorithm anymore because it's been computationally proven to allow collisions. That said, the number of iterations it'd likely take to produce an MD5 collision versus the number of user sessions you're prepared to support probably makes it a reasonable choice.

    And for what it's worth, a single AES operation is no better or worse than the two you're using, and likely less intensive to produce.
  • spark_86682
    Historic F5 Account
    The AES::key command should be pretty cheap, CPU-wise. It only accesses the random number generator, and doesn't actually use any AES code. You seem to only be needing a 50-character random string, so you could do something like:

    set new_session_value "[string range [AES::key 256] end-49 end]"

    which only makes one call to the RNG and only has one string processing command.
  • spark_86682
    Historic F5 Account
    Ah! I see that that is not actually true in recent versions. It could be a little expensive. Here's something which should be pretty cheap on recent versions:

    
    binary scan [CRYPTO::keygen -alg random -len 200] "H*" new_session_value
    

    This will generate a random 50 byte (== 200 bits) hex string pretty cheaply.
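
The generator from the last reply placed in a complete iRule, as an added example that is not code from any poster in this thread. The cookie name `track_id`, the format check on the incoming cookie, and the `Secure`/`HttpOnly` attributes (which assume an HTTPS virtual server) are assumptions made for illustration.

```tcl
# Added example: issue a tracking cookie from the RNG-based generator
# suggested in the last reply. The cookie name "track_id" and the
# cookie attributes are assumptions, not taken from the thread.
when HTTP_REQUEST {
    # Issue a new value unless the client already sent a well-formed one.
    # 200 random bits rendered as hex are 50 lowercase hex characters.
    set issue_cookie 1
    if { [HTTP::cookie exists "track_id"] } {
        if { [regexp {^[0-9a-f]{50}$} [HTTP::cookie value "track_id"]] } {
            set issue_cookie 0
        }
    }
}

when HTTP_RESPONSE {
    # The variable is only set if HTTP_REQUEST ran on this connection.
    if { [info exists issue_cookie] && $issue_cookie } {
        # One call to the RNG and one format conversion, as in the reply.
        binary scan [CRYPTO::keygen -alg random -len 200] H* new_session_value
        # Set-Cookie is written as a raw header so the attributes are explicit.
        HTTP::header insert "Set-Cookie" "track_id=$new_session_value; Path=/; Secure; HttpOnly"
    }
}
```

Because the value comes from the random number generator and not from client-visible inputs such as IP, port and timestamp, it cannot be recomputed by someone who knows those inputs.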