Use UUID instead of Math.random() for stronger security key
authorArtur Signell <artur.signell@itmill.com>
Tue, 1 Jun 2010 16:20:46 +0000 (16:20 +0000)
committerArtur Signell <artur.signell@itmill.com>
Tue, 1 Jun 2010 16:20:46 +0000 (16:20 +0000)
svn changeset:13482/svn branch:6.4

src/com/vaadin/terminal/gwt/server/AbstractCommunicationManager.java

index 55f9d13fea2cd827d101e124d7d50771408f57af..d8664e216cdbfe3397de8a5243c8149970bc2752 100644 (file)
@@ -34,6 +34,7 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.StringTokenizer;
+import java.util.UUID;
 
 import javax.portlet.PortletRequest;
 import javax.portlet.PortletResponse;
@@ -672,7 +673,7 @@ public abstract class AbstractCommunicationManager implements
             String seckey = (String) request.getSession().getAttribute(
                     ApplicationConnection.UIDL_SECURITY_TOKEN_ID);
             if (seckey == null) {
-                seckey = "" + (int) (Math.random() * 1000000);
+                seckey = UUID.randomUUID().toString();
                 request.getSession().setAttribute(
                         ApplicationConnection.UIDL_SECURITY_TOKEN_ID, seckey);
             }
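Review bot: The read, null check and `setAttribute` on `UIDL_SECURITY_TOKEN_ID` are still a check-then-act sequence with no visible locking. Two requests arriving in parallel on a fresh session could each generate a UUID, and the client holding the overwritten value would then fail the token check. The enclosing method starts and ends outside the hunk, so a caller may already hold a lock; if none does, guard the block with a monitor shared per session or application. It is also worth recording why this generator was chosen, for example `// UUID.randomUUID() is backed by SecureRandom; do not replace with Math.random() or another predictable source`. The code that compares the submitted token is not shown here, so confirm separately that it rejects a missing or empty key.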