search

lucia-auth / lucia

Authentication, simple and clean
https://lucia-auth.com
MIT License
8.35k stars 448 forks source link

[Bug]: Use proper Object ids instead of string. #1530

Closed ultimateshadsform closed 2 months ago

ultimateshadsform commented 2 months ago

Package

​@lucia-auth/adapter-mongodb

Describe the bug

Is there a reason ids need to be a string?

It would be better to just use it as intended and use Objects ids.

I had to research and debug just to realize I needed to put "string" on the _id in the db.

Would be nice if you could convert library to use Object ids as mongo uses that by default instead of "string"

And even stack overflow recommends to use object ids.

pilcrowOnPaper commented 2 months ago

For session IDs specifically, object IDs don’t provide enough entropy

ultimateshadsform commented 2 months ago

That doesnt make any sense?

Why would you need entropy on a random id?

It's just an identifier.

ultimateshadsform commented 2 months ago

No you're right. It's more secure and object ids can be guessed.

ultimateshadsform commented 2 months ago

I just changed to use prima instead and it now uses object ids.