Doc Bug #50943 rand/mt_rand not seeded for every request
Submitted: 2010-02-05 23:37 UTC
Modified: 2010-02-24 01:00 UTC
From: maarten-baert at hotmail dot com
Assigned:
Status: No Feedback
Package: Documentation problem
PHP Version: Irrelevant
OS: Linux
Private report: No
CVE-ID: None

 [2010-02-05 23:37 UTC] maarten-baert at hotmail dot com
Rand/mt_rand is not seeded automatically for every request: if I use srand/mt_srand the results of rand/mt_rand in future requests (even in other scripts) are also affected.

The server uses PHP Version 5.2.4-2ubuntu5.9, I can't update it so I'm not sure whether this has been fixed in future versions. I can't reproduce this on my own computer (using CLI).

Maybe this isn't a bug, but the documentation claims the random number generator is seeded automatically, so if anyone uses rand/mt_rand to generate tokens, captchas (like me), or any other kind of security-related random data, an attacker could use this to get the same data every time.

Reproduce code:

<?php
echo rand(1,1000);

// OR

echo mt_rand(1,1000);


Expected result:
I expected to see a random number every time I refresh the page.

Actual result:
The first time I get a random number, but after that I always get 275 (rand) or 775 (mt_rand).
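
The risk raised in this report, shown as an added example that is not part of the original report or of PHP's own code: once the mt_rand state is fixed, every value built on it repeats, while values drawn from the OS CSPRNG do not depend on that state. It assumes PHP 7.0 or later for random_int() and random_bytes(); the function names and the seed value are constructed for the illustration.

```php
<?php
// Added example, not from the bug report. Assumes PHP 7.0+.

// Captcha code built on mt_rand(): the output is fully determined
// by the generator state at the time of the call.
function captcha_mt(int $digits = 6): string {
    $code = '';
    for ($i = 0; $i < $digits; $i++) {
        $code .= (string) mt_rand(0, 9);
    }
    return $code;
}

// Same captcha built on random_int(), which draws from the OS CSPRNG
// and is unaffected by srand()/mt_srand().
function captcha_csprng(int $digits = 6): string {
    $code = '';
    for ($i = 0; $i < $digits; $i++) {
        $code .= (string) random_int(0, 9);
    }
    return $code;
}

// Token for sessions, CSRF or password resets: 32 bytes from the
// OS CSPRNG, hex encoded.
function token_csprng(int $bytes = 32): string {
    return bin2hex(random_bytes($bytes));
}

const CONSTRUCTED_SEED = 12345; // constructed value for the demo

// Each loop pass stands in for one request that starts from the same
// generator state, which is the condition the report describes.
$mt = [];
$cs = [];
for ($request = 1; $request <= 3; $request++) {
    mt_srand(CONSTRUCTED_SEED);
    $mt[] = captcha_mt();
    $cs[] = captcha_csprng();
}

printf("mt_rand captchas:    %s\n", implode(' ', $mt));
printf("random_int captchas: %s\n", implode(' ', $cs));
printf("mt_rand captchas identical: %s\n",
    count(array_unique($mt)) === 1 ? 'yes' : 'no');
printf("example token: %s\n", token_csprng());
```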


 [2010-02-16 11:18 UTC]
I cannot duplicate this on PHP 5.3.1 or 5.2.4. My guess is that this is caused by Ubuntu-specific changes. Otherwise you would have to provide more information about your setup.

daniel@daniel-laptop:~$ cat test.php
echo rand(1,1000);

echo PHP_EOL;
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php --version
PHP 5.2.4 (cli) (built: Feb 16 2010 11:59:06) 
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php test.php
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cli/php test.php
daniel@daniel-laptop:~$ php --version
PHP 5.3.1 (cli) (built: Dec 11 2009 19:55:07) 
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
daniel@daniel-laptop:~$ php test.php
daniel@daniel-laptop:~$ php test.php
daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cgi/php-cgi test.php
X-Powered-By: PHP/5.2.4
Content-type: text/html

daniel@daniel-laptop:~$ ~/Desktop/php-5.2.4/sapi/cgi/php-cgi test.php
X-Powered-By: PHP/5.2.4
Content-type: text/html

 [2010-02-24 01:00 UTC] doc-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
Last updated: Fri Sep 25 10:01:23 2020 UTC