/ 
Apache-Session-1.94
River stage two • 34 direct dependents • 52 total dependents
/ Apache::Session::Serialize::Sybase
Security Advisories (1)
CVE-2025-40931 (2026-03-05)

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

NAME

Apache::Session::Serialize::Sybase - Use Storable to zip up persistent data and unpack/pack to put into Sybase-compatible image field

SYNOPSIS

use Apache::Session::Serialize::Sybase;

$zipped = Apache::Session::Serialize::Sybase::serialize($ref);
$ref = Apache::Session::Serialize::Sybase::unserialize($zipped);

DESCRIPTION

This module fulfills the serialization interface of Apache::Session by taking the data from Apache::Session::Serialize::Storable and modifying it to work with Sybase IMAGE fields. Note that you do not need to quote these values before inserting into the database, and that if you are using DBI::Sybase, you cannot use the data in a placeholder. If you use Apache::Session::Sybase as your session class, this will all get taken care of.

AUTHOR

Apache::Session::Serialize::Storable was written by Jeffrey William Baker <jwbaker@acm.org>; the Sybase-specific data manipulation was written by Mark Landry <mdlandry@lincoln.midcoast.com> for use in an earlier version of Apache::Session::DBI::Sybase and placed here by Chris Winters <chris@cwinters.com>.

SEE ALSO

Apache::Session::Serialize::Storable, Apache::Session::Sybase