pillarjs/csrf

Please use rand-token instead of uid2

Closed this issue · 5 comments

Hi,

as reported for session middleware:
expressjs/session#49

Could you please consider using another module instead of uid2?

In that issue I suggested node-uuid, but rand-token is now used. Could you please consider making the same change here?

L.

@dougwilson what's the difference? it basically does the same stuff but with more options and probably slower as well

actually, these are all stupid. we should just do base64url.encode(crypto.randomBytes(length).toString('base64'))

That would be awesome, relying directly on the node platform instead of having an external dependency.

yup! done in 2.0.0. https://github.com/jonathanong/uid-safe if you care

> what's the difference? it basically does the same stuff but with more options and probably slower as well

I just chose it to remove the WARN from npm when installing express-session. I will change it to uid-safe now that it exists with a major version bump, because the module is so old, I feel it is likely people are relying on the character set of the session ID in their stores, but idk.