Comments (9)
With the next version of the library, feel free to do this yourself with the genid option:
app.use(session({
  genid: function(){ return uuid.v4() }
}))
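As an added illustration (not code from express-session or from anyone in this thread), the sketch below builds a version 4 UUID and a random URL-safe string from Node's `crypto.randomBytes`, counts the random bits each format can carry, and wraps a generator for the `genid` option. The 24-character string is an assumed stand-in for the `uid(24)` style; `randomSessionId`, `uuidV4`, `randomBits`, `makeGenid` and the `minBits` threshold are hypothetical names and values.

```javascript
// Added example: not express-session, uid2 or node-uuid code; all names are hypothetical.
const crypto = require('crypto');

// URL-safe ID from `bytes` bytes of CSPRNG output (18 bytes -> 24 characters).
function randomSessionId(bytes = 18) {
  return crypto.randomBytes(bytes).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// RFC 4122 version 4 UUID built from 16 CSPRNG bytes.
function uuidV4() {
  const b = crypto.randomBytes(16);
  b[6] = (b[6] & 0x0f) | 0x40; // version nibble is always 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant bits are always 10
  const h = b.toString('hex');
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16), h.slice(16, 20), h.slice(20)].join('-');
}

const UUID = /^[0-9a-f]{8}-[0-9a-f]{4}-([0-9a-f])[0-9a-f]{3}-([0-9a-f])[0-9a-f]{3}-[0-9a-f]{12}$/;

// Upper bound on the random bits an ID in one of the two formats can carry.
function randomBits(id) {
  const m = UUID.exec(id);
  if (m) {
    if (m[1] !== '4' || !/[89ab]/.test(m[2])) throw new TypeError('not a version 4 UUID');
    return 128 - 6; // 4 version bits + 2 variant bits are fixed
  }
  if (!/^[A-Za-z0-9_-]+$/.test(id)) throw new TypeError('unrecognised session ID format');
  return Math.floor((id.length * 6) / 8) * 8; // base64: 6 bits per character, whole bytes
}

// Wrap a generator so it can be passed as `genid` and fails closed on short IDs.
// minBits is a threshold picked for this example, not a value from the thread.
function makeGenid(generate, minBits = 64) {
  return function genid() {
    const id = generate();
    if (randomBits(id) < minBits) throw new RangeError('session ID carries too few random bits');
    return id;
  };
}
```

`randomBits` reports what the format can hold, so it says nothing about a generator that fills that format from a weak source.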
This patch seems to work fine:
diff --git a/index.js b/index.js
index d48bcd1..9cae893 100644
--- a/index.js
+++ b/index.js
@@ -9,7 +9,7 @@
* Module dependencies.
*/
-var uid = require('uid2')
+var uuid = require('node-uuid')
, onHeaders = require('on-headers')
, crc32 = require('buffer-crc32')
, parse = require('url').parse
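Review bot: The require on the added line names 'node-uuid', but the package.json hunk of this same patch declares a dependency called "uuid", so index.js would load a module that the manifest does not list. Use one package name in both places.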
@@ -85,7 +85,7 @@ function session(options){
// generates the new session
store.generate = function(req){
- req.sessionID = uid(24);
+ req.sessionID = uuid.v4();
req.session = new Session(req);
req.session.cookie = new Cookie(cookie);
};
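Review bot: In store.generate, replacing uid(24) with uuid.v4() changes the default session ID format and length for every user of the module, with no comment or test stating that the new generator is at least as unpredictable as the old one. A version 4 UUID carries 122 random bits, so either document the randomness source the new call relies on or keep the default as it is and make the generator configurable.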
diff --git a/package.json b/package.json
index df44c60..198f1b1 100644
--- a/package.json
+++ b/package.json
@@ -11,7 +11,7 @@
"cookie-signature": "1.0.3",
"debug": "1.0.2",
"on-headers": "0.0.0",
- "uid2": "0.0.3",
+ "uuid": "*",
"utils-merge": "1.0.0"
},
"devDependencies": {
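Review bot: The added "uuid": "*" line accepts any published version, while every other dependency shown in this block is pinned to an exact version. Pin uuid to an exact version the same way, so that the code generating session IDs cannot change between installs.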
Why does this matter?
I don't think it does. Plus there is no RFC for how to store session IDs in cookies.
In Debian we have node-uuid; it's used by 880 other modules (uid2 by only 45) according to npm.
We consider it a better implementation; I would suggest you use it. That's all.
There are 880 modules that generate sessions with node-uuid? I think those numbers are not actually useful here. If we created a module that generated super awesome secure and fully random values and it was only used by this module, then your numbers argument would say it is inferior simply because it's only used by 1 module.
We can replace it. Can you provide us an actual reason why to replace it? So far you have not really provided a reason, and without a good maintainer for this module, we don't want to really just willy-nilly change stuff.
@dougwilson But there is an RFC on uid's http://www.ietf.org/rfc/rfc4122.txt
uid2 has no repository and no tests, so I'm not exactly in favor of it, although it is quite simple and does the job.
@Fishrock123 the original reasoning on using UUID was it is "and more RFC compliance", but how is it more RFC compliance than using uid? I know there is an RFC for what a UUID is, but that doesn't relate to using it for session IDs, which is my point.
Going to just close. Reopen if there's a valid reason unless someone wants to maintain this