
Use 20 random bytes in url-safe base64 for session ids (strings 15% smaller than 16 bytes in hex, and still wouldn't likely have a collision even if we'd inserted 1 doc per millisecond since the big bang--hurray paranoia)
1 parent a6fdfdc commit 719cf83969a22cd87c379f845337a04d67997121 @brianhempel brianhempel committed
Showing with 4 additions and 2 deletions.
  1. +2 −1 lib/mongo_session_store/mongo_mapper.rb
  2. +2 −1 lib/mongo_session_store/mongoid.rb
3 lib/mongo_session_store/mongo_mapper.rb
@@ -28,7 +28,8 @@ class Session
private
def generate_sid
- SecureRandom.hex(24)
+ # 20 random bytes in url-safe base64
+ SecureRandom.base64(20).gsub('=','').gsub('+','-').gsub('/','_')
end
def get_session(env, sid)
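Review bot: The new line in generate_sid lowers the id from 24 random bytes (the removed `SecureRandom.hex(24)`, 192 bits) to 20 bytes (160 bits), while the commit message compares against 16 bytes in hex. 160 bits is still ample for a session id, but the code comment should say the reduction from 24 bytes is intended. The three chained `gsub` calls can also be replaced with `SecureRandom.urlsafe_base64(20)`, which uses the same `-`/`_` alphabet and omits padding by default, provided every Ruby version this gem supports ships that method.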
3 lib/mongo_session_store/mongoid.rb
@@ -29,7 +29,8 @@ class Session
private
def generate_sid
- SecureRandom.hex(24)
+ # 20 random bytes in url-safe base64
+ SecureRandom.base64(20).gsub('=','').gsub('+','-').gsub('/','_')
end
def get_session(env, sid)
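Review bot: generate_sid in mongoid.rb is now a character-for-character copy of the one in mongo_mapper.rb, so any later change to the id format has to be made in two places and the two can drift apart; move the method into one shared helper that both files call. The commit touches only the two lib files, so consider adding a spec that asserts the generated sid is 27 characters long and drawn only from A-Z, a-z, 0-9, `-` and `_`.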

0 comments on commit 719cf83
