From: Lars R. N. <lar...@gm...> - 2009-07-09 19:43:31
|
On Thu, 2009-07-09 at 12:57 -0600, Carlos Konstanski wrote: > > I notice that you are going with a base-36 number. I'm guessing this > is to make use of all digits and letters. Could one extend this to > use all lowercase letters as well, or is there the possibility of > case-insensitive cookie handling in some browsers? > Googling, there is some mention of IE not maintaining case of cookie values... Not using base-36 results in longer strings (bandwidth). It doesn't save a lot, but still; I'm sending a _lot_ of small AJAX/Comet messages and I got to keep the overhead wrt. HTTP headers as low as possible. PS: I think the only thing that'll truly increase the randomness in this context is increasing the number of octets read from /dev/urandom. Adding more "character types" or increasing the set of characters doesn't matter! |