ColdFusion, Random Numbers, and Time

This post is more than 2 years old.

A while ago I logged a bug I had discovered with ColdFusion REST services. I had created a simple REST service that returned a random number between one and one hundred. Nothing too complex, right? But then I noticed something odd. If I called the REST service with a cfhttp call twice, I got the same number back. I had discovered - I thought - a serious caching issue with REST services. Turns out I was wrong.

If you read the comments for the bug, you will see one in particular that stands out:

I assume this is one of the engineers, although I don't know. It makes sense - kinda - but I certainly didn't know this and I'm willing to bet most folks aren't aware of this either. As a long time computer programmer, I have a vague idea of the intricacies of random number generation. Apparently it involves quantum states, time travel, and zombie kittens.

The person helping out on the comment thread suggested using IBMSecureRandom as an algorithm for the randRange, but according to the docs this is only supported on WebSphere. I used SHA1PRNG and it worked immediately.

Raymond Camden's Picture

About Raymond Camden

Raymond is a senior developer evangelist for Adobe. He focuses on document services, JavaScript, and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA

Archived Comments

Comment 1 by WilGeno posted on 3/12/2014 at 12:13 AM

The generation of random numbers is too important to be left to chance.

Comment 2 by Martijn van der Woud posted on 3/12/2014 at 12:48 AM

If you are interested in learning more about randomness and what it really means I highly recommend

They have some nice articles on the subject, and a web service that delivers true (not pseudo) random numbers based on atmospheric noise. How cool is that?

Comment 3 by Raymond Camden posted on 3/12/2014 at 7:43 AM

How cool? Very. :)

Comment 4 by Edward Beckett posted on 3/12/2014 at 5:03 PM

Definitely an uncool bug...Did you try using RandomUtils from Apache Commons? I think Joda might have a consistent implementation too...

Comment 5 by Edward Beckett posted on 3/12/2014 at 5:07 PM

@Martij is pretty awesome :)

Comment 6 by Raymond Camden posted on 3/12/2014 at 7:16 PM

@Edward: I'm not sure I'd call it a bug. I think the explanation in the bug report is clear enough - it is by design. Did you read my post completely though? By changing the algo, it worked as I expected.

Comment 7 by Edward Beckett posted on 3/13/2014 at 3:43 AM


Apologies ... I meant Zombie Kitten ..
Not Bug.

Sounds like a bug with a polite disclaimer ;)