Use a CSRNG

Fixes #1.
rlipscombe · Jan 28, 2023 · ac49602 · ac49602
1 parent 247c2c4
commit ac49602
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/cowboy2_session_stream_h.erl b/src/cowboy2_session_stream_h.erl
@@ -38,7 +38,7 @@ init_session_3(_, _, Req) ->
 init_new_session(Req0) ->
     NewSessionId =
         base64url:encode(
-            rand:bytes(?SESSION_ID_LEN_BYTES)),
+            crypto:strong_rand_bytes(?SESSION_ID_LEN_BYTES)),
     Req = Req0#{session_id => NewSessionId, session => #{}},
     % TODO: HttpOnly, Secure, etc.
     CookieOpts = #{},