aaugustin / django-sesame

"Magic Links" - URLs with authentication tokens for one-click login
https://django-sesame.readthedocs.org/
BSD 3-Clause "New" or "Revised" License

Support changing signature length #89

Closed aaugustin closed 2 years ago

aaugustin commented 2 years ago

Since Django 3.2, the PK default is BigAutoField (= 64-bit integers) while the previous default was AutoField (= 32-bit integers). See this commit.

The default size of tokens v2 assumed 4 bytes for the PK (32 bit integer) + 4 bytes for the timestamp (tokens should expire, really). I set the signature size at 10 bytes in order to land at 18 bytes, a multiple of 3, ideal for Base64 encoding.

With 8 bytes for the PK (64 bit integers), if I had to make the decision again, I'd set the signature size at 12 bytes in order to land at 8 + 4 + 12 = 24 bytes, again a multiple of 3.

To be honest, this is mostly an aesthetic issue :-) I don't want to break backwards compatibility for this.

However, it led me to add support for changing the signature size transparently, i.e. SESAME_SIGNATURE_SIZE = [12, 10] would generate 12-byte signatures while still accepting 10-byte signatures. I'm not sure anyone wants to configure signature sizes but I like the idea of making change possible.
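A sketch of the token layout and signature-size migration described in the comment above, added here as an example; it is not django-sesame's code. It assumes a fixed 8-byte PK, truncated HMAC-SHA256 as the signature, and hypothetical names (`create_token`, `parse_token`, `SIGNATURE_SIZES`, `KEY`).

```python
import base64
import hashlib
import hmac
import struct
import time

KEY = b"constructed-demo-key"   # constructed sample key, not a real secret
SIGNATURE_SIZES = [12, 10]      # first size is used to sign; all are accepted
HEADER = struct.Struct("!QI")   # 8-byte PK + 4-byte timestamp = 12 bytes

def _sign(payload, size):
    # Assumption: truncated HMAC-SHA256 stands in for the real signature.
    return hmac.new(KEY, payload, hashlib.sha256).digest()[:size]

def create_token(pk, now=None, size=None):
    size = SIGNATURE_SIZES[0] if size is None else size
    payload = HEADER.pack(pk, int(time.time()) if now is None else now)
    raw = payload + _sign(payload, size)
    # 8 + 4 + 12 = 24 bytes is a multiple of 3, so Base64 needs no padding.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def parse_token(token, max_age=300, now=None):
    """Return the PK, or None if the token is malformed, forged or expired."""
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (ValueError, TypeError):
        return None
    # The header length is fixed, so the signature size follows from the
    # token length; only explicitly configured sizes are accepted.
    size = len(raw) - HEADER.size
    if size not in SIGNATURE_SIZES:
        return None
    payload, signature = raw[:HEADER.size], raw[HEADER.size:]
    if not hmac.compare_digest(signature, _sign(payload, size)):
        return None
    pk, timestamp = HEADER.unpack(payload)
    now = int(time.time()) if now is None else now
    if not 0 <= now - timestamp <= max_age:
        return None
    return pk
```

While the older size stays in the accepted list, forgery resistance is that of the shortest accepted signature, so the legacy size should be dropped once outstanding tokens have expired.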

aaugustin commented 2 years ago

Actually, AutoField remained the default. See this line.