Use 20 random bytes in url-safe base64 for session ids (strings 15% smaller than 16 bytes in hex, and still wouldn't likely have a collision even if we'd inserted 1 doc per millisecond since the big bang--hurray paranoia)
commit 719cf83969a22cd87c379f845337a04d67997121 1 parent a6fdfdc
@brianhempel brianhempel authored
3  lib/mongo_session_store/mongo_mapper.rb
@@ -28,7 +28,8 @@ class Session
private
def generate_sid
- SecureRandom.hex(24)
+ # 20 random bytes in url-safe base64
+ SecureRandom.base64(20).gsub('=','').gsub('+','-').gsub('/','_')
end
def get_session(env, sid)
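Review bot: The new body of generate_sid hand-rolls the URL-safe alphabet with three chained gsub calls; SecureRandom.urlsafe_base64(20) performs the same substitutions and drops the padding by default, so the line can be a single call with no string rewriting to get wrong. Note also that the removed line was SecureRandom.hex(24), so this change lowers the id from 24 random bytes (48 hex characters) to 20 random bytes (27 characters), while the commit message compares against 16 bytes in hex. 160 bits is still ample for a session id, but the code comment should state the entropy and the resulting length so the reduction is a documented choice.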
3  lib/mongo_session_store/mongoid.rb
@@ -29,7 +29,8 @@ class Session
private
def generate_sid
- SecureRandom.hex(24)
+ # 20 random bytes in url-safe base64
+ SecureRandom.base64(20).gsub('=','').gsub('+','-').gsub('/','_')
end
def get_session(env, sid)
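Review bot: This generate_sid in mongoid.rb is a byte-for-byte copy of the one added to mongo_mapper.rb, so a later change to id length or encoding has to be made in two places and the two stores can silently diverge. Consider moving the method into a shared module that both Session classes include. The new ids also contain '-' and '_' and are 27 characters rather than 48, so any code that validates or pattern-matches the sid as hex should be checked before this ships.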