Open socketpair opened 8 years ago
Thanks for your comment. in my opinion, slash and plus are legal in cookies' value. What is the risk for generate token with base64 directly?
base64 is just a way to encode binary value. It have nothing common with generating random data.
If you ask about base64 module — it is just wrapper over binascii module — see sources. Using binascii directly is just faster in you case.
this feature is added in version 1.1.5, thank you for your suggestion.
binascii.b2a_base64(os.urandom(24))[:-1]
is faster and much secure since:64**24 = 2**144
random items, while your way generates256**16 = 2**128
variantsit needs to be checked for special symbols like
/
and+