pallets-eco / flask-session

Server side session extension for Flask
https://flask-session.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Generate session identifiers with secrets module #198

Closed yrro closed 5 months ago

yrro commented 8 months ago

And increase identifier entropy to 128 bits, as recommended by OWASP: https://owasp.org/www-community/vulnerabilities/Insufficient_Session-ID_Length

Lxstr commented 5 months ago

0.6.0rc1 now uses the secrets module and SESSION_ID_LENGTH.
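
An added example, not code from flask-session or from either commenter: one way to draw session identifiers from the `secrets` module and enforce the 128-bit floor cited in the thread. Treating `SESSION_ID_LENGTH` as a count of random bytes, its value of 32, and all function names here are assumptions.

```python
import base64
import binascii
import secrets

MIN_ENTROPY_BITS = 128   # OWASP figure cited in the thread
SESSION_ID_LENGTH = 32   # assumed meaning and value: random bytes per identifier

# Alphabet of unpadded URL-safe base64, the output format of token_urlsafe().
_URLSAFE = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
)


def new_session_id(nbytes: int = SESSION_ID_LENGTH) -> str:
    """Return a URL-safe identifier drawn from the OS CSPRNG."""
    if nbytes * 8 < MIN_ENTROPY_BITS:
        raise ValueError(
            f"{nbytes} bytes is {nbytes * 8} bits, below {MIN_ENTROPY_BITS}"
        )
    return secrets.token_urlsafe(nbytes)


def id_entropy_bits(sid: str) -> int:
    """Upper bound on entropy: bits of raw data the identifier encodes.

    Returns 0 for anything that is not unpadded URL-safe base64.
    """
    if not sid or not _URLSAFE.issuperset(sid):
        return 0
    try:
        # token_urlsafe() strips '=' padding, so restore it before decoding.
        raw = base64.urlsafe_b64decode(sid + "=" * (-len(sid) % 4))
    except (binascii.Error, ValueError):
        return 0
    return len(raw) * 8


def accept_client_id(sid: str) -> bool:
    """Reject cookie-supplied identifiers too short to be ones we issued."""
    return id_entropy_bits(sid) >= MIN_ENTROPY_BITS


if __name__ == "__main__":
    sid = new_session_id()
    print(sid, id_entropy_bits(sid), accept_client_id(sid))
```

The length check only bounds entropy from above; the guarantee itself comes from `secrets` using the operating system's CSPRNG rather than a seedable generator.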