Please use rand-token instead of uid2
Closed this issue · 5 comments
Hi,
as reported for session middleware:
expressjs/session#49
Could you please consider to use another module instead of uid2 ?
In that issue I suggested node-uuid, but rand-token is now used. Could you please consider to make same change here?
L.
@dougwilson what's the difference? it basically does the same stuff but with more options and probably slower as well
actually, these are all stupid. we should just do base64url.encode(crypto.randomBytes(length).toString('base64'))
That would be awesome relying directly on node platform instead of have external dependency.
yup! done in 2.0.0. https://github.com/jonathanong/uid-safe if you care
what's the difference? it basically does the same stuff but with more options and probably slower as well
I just choose it to remove the WARN
from npm
when installing express-session
. I will change it to uid-safe
now that it exists with a major version bump, because the module is so old, I feel it is likely people are relying on the character set of the session ID in their stores, but idk.