--- includes/common.inc.orig 2005-09-13 22:53:40.000000000 -0400
+++ includes/common.inc 2005-09-13 22:54:02.000000000 -0400
@@ -1056,6 +1056,7 @@
 // this private key should always be kept secret
 if (!variable_get('drupal_private_key', '')) {
 variable_set('drupal_private_key', mt_rand());
+ variable_set('drupal_private_key_created', time());
 }

 // the verification token is an md5 hash of the form key and our private key
--- modules/system.module.orig 2005-09-13 23:01:06.000000000 -0400
+++ modules/system.module 2005-09-13 23:02:06.000000000 -0400
@@ -50,6 +50,20 @@
 }

 /**
+ * Implementation of hook_cron().
+ *
+ * Regularly regenerate our private key, by default every 24 hours.
+ */
+function system_cron() {
+ if ((time() - variable_get('drupal_private_key_created', 0)) >=
+ variable_get('drupal_private_key_expire', 86400)) {
+ // our private key has expired, generate a new one
+ variable_set('drupal_private_key', mt_rand());
+ variable_set('drupal_private_key_created', time());
+ }
+}
+
+/**
 * Implementation of hook_menu().
 */
 function system_menu($may_cache) {
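Review bot: The key stored by `variable_set('drupal_private_key', mt_rand());` is a single mt_rand() value, at most 31 bits from a non-cryptographic generator, and the timestamp added next to it does not change that; the same call is repeated in the new system_cron() in modules/system.module. The context comment says the verification token is an md5 hash of the form key and this private key, so a key space this small gives little protection even when the key is replaced every 24 hours. I would draw the key from the platform CSPRNG with at least 128 bits, for example `variable_set('drupal_private_key', bin2hex(random_bytes(32)));` where the PHP version provides it. The enclosing function starts and ends outside this hunk.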
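Review bot: Replacing the key inside system_cron() presumably invalidates every form token issued before that cron run, because the token is derived from the current key (the validation code is not visible here), so a user who has a form open across a rotation would see the submission rejected. Keeping the outgoing key for one period avoids that, e.g. `variable_set('drupal_private_key_previous', variable_get('drupal_private_key', ''));` before the overwrite, with the validator accepting either key. The `drupal_private_key_expire` value is also used unchecked, so a zero or non-numeric setting regenerates the key on every cron run; a lower bound would be worth adding. The generate-and-stamp pair now exists in both files and would be easier to keep consistent as one helper.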