From ac496025b8acc0533f04488ad2beddcb551c42ed Mon Sep 17 00:00:00 2001
From: Roger Lipscombe
Date: Sat, 28 Jan 2023 11:30:18 +0000
Subject: [PATCH] Use a CSRNG Fixes #1.
---
 src/cowboy2_session_stream_h.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cowboy2_session_stream_h.erl b/src/cowboy2_session_stream_h.erl
index ff9f20b..f7daef6 100644
--- a/src/cowboy2_session_stream_h.erl
+++ b/src/cowboy2_session_stream_h.erl
@@ -38,7 +38,7 @@ init_session_3(_, _, Req) ->
 init_new_session(Req0) ->
 NewSessionId = base64url:encode(
- rand:bytes(?SESSION_ID_LEN_BYTES)),
+ crypto:strong_rand_bytes(?SESSION_ID_LEN_BYTES)),
 Req = Req0#{session_id => NewSessionId, session => #{}},
 % TODO: HttpOnly, Secure, etc.
 CookieOpts = #{},
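Review bot: `crypto:strong_rand_bytes/1` lives in the `crypto` OTP application, whereas `rand:bytes/1` came from stdlib, and the diffstat shows only the `.erl` file changing; if `crypto` is not already listed under `applications` in the project's `.app.src`, a release can be assembled without it and `init_new_session/1` would fail with `undef` on the first new session. The call can also raise `error:low_entropy` when the underlying generator lacks entropy, which is reasonable to let crash here but worth a one-line comment such as `% may raise error:low_entropy; fail the request rather than fall back to rand`. Separately, the ID is still issued with `CookieOpts = #{}` on the hunk's last line, so the cookie lacks `http_only => true`, `secure => true` and a `same_site` value until the TODO is resolved. The body of `init_new_session/1` continues past the end of the hunk, so how `CookieOpts` is used is not visible here.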