In line 92,
var fileName = this.prefix + crypto.createHash('md5').update(sid).digest('hex');
md5 is used to create a hash that can be appended to the file store. However, md5 has been proved to be broken, and it is entirely possible that multiple keys exist that would result in the same md5 hash. For applications that are using unsigned cookies, this could potentially be a problem. The simplest solution is to replace the md5 with sha1.
+1 Although in practice, the vast majority of cookies will be signed. E.g. express-session and its predecessor connect-session really force you to set a secret to use for signing.
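The two points raised in this thread, combined in an added example that is not code from the project: the session ID is accepted only after an HMAC signature check, and the store file name is then derived with SHA-256 (chosen here in place of the MD5 in the quoted line). `PREFIX`, `SECRET`, the function names and the `<sid>.<hex HMAC>` cookie layout are assumptions made for illustration, not the format used by express-session.

```javascript
const crypto = require('crypto');

// Constructed values for illustration only.
const PREFIX = 'sess-';                    // stands in for this.prefix
const SECRET = 'constructed-demo-secret';  // cookie signing secret

// Map a session ID to a store file name using SHA-256 instead of MD5.
function fileNameFor(sid) {
  if (typeof sid !== 'string' || sid.length === 0) {
    throw new TypeError('sid must be a non-empty string');
  }
  return PREFIX + crypto.createHash('sha256').update(sid, 'utf8').digest('hex');
}

// Produce "<sid>.<hex HMAC-SHA256>" (assumed layout for this example).
function sign(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid, 'utf8').digest('hex');
  return sid + '.' + mac;
}

// Return the session ID if the signature verifies, otherwise null.
function unsign(cookie, secret) {
  if (typeof cookie !== 'string') return null;
  const i = cookie.lastIndexOf('.');
  if (i <= 0) return null;                 // no signature part, or empty sid
  const sid = cookie.slice(0, i);
  const expected = Buffer.from(sign(sid, secret), 'utf8');
  const given = Buffer.from(cookie, 'utf8');
  // timingSafeEqual requires equal lengths, so check that first.
  if (expected.length !== given.length) return null;
  return crypto.timingSafeEqual(expected, given) ? sid : null;
}

// Resolve a cookie value to a file name only when the signature is valid.
function resolveSessionFile(cookie, secret) {
  const sid = unsign(cookie, secret);
  return sid === null ? null : fileNameFor(sid);
}
```
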