Random Numbers and Security::cipher – Bug and Fix – CakePHP 1.2

1 Oct 2009

If you develop in PHP5 and you use Security::cipher in your CakePHP application – which is unlikely, since it’s an obscure function really only used by CookieComponent – and you also use PHP functions like rand() and array_rand(), you might notice an annoying bug: you’re getting the same random numbers each time. This is due to a bug of sorts in the Security class.

Line 183 of Security::cipher() reads:

srand(CIPHER_SEED);

This call to srand(), which seeds PHP’s random number generator, is only necessary in PHP4. In PHP5, seeding is done automatically, and the fixed seed set by this call persists for all subsequent calls to rand() and the like. So, all we need to do is wrap srand() in an if check:

if (!PHP5) {
    srand(CIPHER_SEED);
}

And that’s it! I’ve submitted a ticket at code.cakephp.org, so hopefully a fix comes into the core.
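The symptom described above, reproduced as an added example (not CakePHP's code and not part of the original post): a helper that seeds the global generator with a constant makes every later rand() call repeat, while calling srand() with no argument afterwards gives the generator a fresh seed again. The seed value and all function names here are constructed for illustration.

```php
<?php
// Constructed stand-in for CIPHER_SEED; not the value CakePHP uses.
define('DEMO_CIPHER_SEED', 12345);

// Hypothetical stand-in for a library routine that seeds the
// process-wide generator with a constant, as line 183 is described to do.
function seeds_like_cipher()
{
    srand(DEMO_CIPHER_SEED);
}

// Application code that draws values after the library call has run.
// rand() and array_rand() both read the same global generator state.
function draw_after_library_call($count)
{
    seeds_like_cipher();
    $values = array();
    for ($i = 0; $i < $count; $i++) {
        $values[] = rand(0, 1000000);
    }
    $values[] = array_rand(range(0, 999));
    return $values;
}

// Same draws, but the generator is reseeded before the application uses it.
function draw_after_reseed($count)
{
    seeds_like_cipher();
    srand(); // no argument: PHP chooses a new seed itself
    $values = array();
    for ($i = 0; $i < $count; $i++) {
        $values[] = rand(0, 1000000);
    }
    $values[] = array_rand(range(0, 999));
    return $values;
}

// Two simulated requests that hit the constant seed first.
$first  = draw_after_library_call(5);
$second = draw_after_library_call(5);
echo "identical after constant seed: ", var_export($first === $second, true), "\n";

// Two simulated requests that reseed before drawing.
$third  = draw_after_reseed(5);
$fourth = draw_after_reseed(5);
echo "identical after reseed: ", var_export($third === $fourth, true), "\n";
```

Anything derived from rand() after such a call (tokens, filenames, shuffles) is predictable to anyone who knows the seed, so values that must be unguessable should not come from this generator at all.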

1 Response to Random Numbers and Security::cipher – Bug and Fix – CakePHP 1.2

Christo Santo

December 15th, 2009 at 4:44 am

Thanks a lot:
this is a very bad thing and we were going mad while trying to understand why…
