I've deprecated the MD5 identifier factory because they produce predictable identifiers. I've added a secure random identifier that is cryptographically robust.
Out of that I've moved the common code for extracting the 8-char-prefix to a common place for easier refactoring.
It's interesting on how to continue here: Pseudo randomness is usually not desired in session ids, but it may be ok for some usages.
...tographically secure and unpredictable.
I've deprecated the MD5 identifier factory because they produce predictable identifiers. I've added a secure random identifier that is cryptographically robust. Out of that I've moved the common code for extracting the 8-char-prefix to a common place for easier refactoring.
It's interesting on how to continue here: Pseudo randomness is usually not desired in session ids, but it may be ok for some usages.