diff --git a/pages/sessions/basic-api/drizzle-orm.md b/pages/sessions/basic-api/drizzle-orm.md index fa5a7bd..ce0346c 100644 --- a/pages/sessions/basic-api/drizzle-orm.md +++ b/pages/sessions/basic-api/drizzle-orm.md @@ -154,6 +154,8 @@ export function generateSessionToken(): string { } ``` +> You can use UUID v4 here but the RFC does not mandate that IDs are generated using a secure random source. Do not use libraries that are not clear on the source they use. Do not use other UUID versions as they do not offer the same entropy size as v4. Consider using [`Crypto.randomUUID()`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID). + The session ID will be SHA-256 hash of the token. We'll set the expiration to 30 days. ```ts diff --git a/pages/sessions/basic-api/mysql.md b/pages/sessions/basic-api/mysql.md index 85f1c44..b704a50 100644 --- a/pages/sessions/basic-api/mysql.md +++ b/pages/sessions/basic-api/mysql.md @@ -92,6 +92,8 @@ export function generateSessionToken(): string { } ``` +> You can use UUID v4 here but the RFC does not mandate that IDs are generated using a secure random source. Do not use libraries that are not clear on the source they use. Do not use other UUID versions as they do not offer the same entropy size as v4. Consider using [`Crypto.randomUUID()`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID). + The session ID will be SHA-256 hash of the token. We'll set the expiration to 30 days. ```ts diff --git a/pages/sessions/basic-api/postgresql.md b/pages/sessions/basic-api/postgresql.md index debd893..d0e4098 100644 --- a/pages/sessions/basic-api/postgresql.md +++ b/pages/sessions/basic-api/postgresql.md 
@@ -92,6 +92,8 @@ export function generateSessionToken(): string { } ``` +> You can use UUID v4 here but the RFC does not mandate that IDs are generated using a secure random source. Do not use libraries that are not clear on the source they use. Do not use other UUID versions as they do not offer the same entropy size as v4. Consider using [`Crypto.randomUUID()`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID). + The session ID will be SHA-256 hash of the token. We'll set the expiration to 30 days. ```ts diff --git a/pages/sessions/basic-api/prisma.md b/pages/sessions/basic-api/prisma.md index 834c1f2..cf9aa28 100644 --- a/pages/sessions/basic-api/prisma.md +++ b/pages/sessions/basic-api/prisma.md @@ -84,6 +84,8 @@ export function generateSessionToken(): string { } ``` +> You can use UUID v4 here but the RFC does not mandate that IDs are generated using a secure random source. Do not use libraries that are not clear on the source they use. Do not use other UUID versions as they do not offer the same entropy size as v4. Consider using [`Crypto.randomUUID()`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID). + The session ID will be SHA-256 hash of the token. We'll set the expiration to 30 days. ```ts diff --git a/pages/sessions/basic-api/redis.md b/pages/sessions/basic-api/redis.md index 1b69389..72cf49c 100644 --- a/pages/sessions/basic-api/redis.md +++ b/pages/sessions/basic-api/redis.md 
@@ -61,7 +61,7 @@ export function generateSessionToken(): string { } ``` -> Throughout the site, we will use packages from [Oslo](https://oslojs.dev) for various operations. Oslo packages are fully-typed, lightweight, and has minimal dependencies. You can of course replace them with your own code, runtime-specific modules, or your preferred library. +> You can use UUID v4 here but the RFC does not mandate that IDs are generated using a secure random source. Do not use libraries that are not clear on the source they use. Do not use other UUID versions as they do not offer the same entropy size as v4. Consider using [`Crypto.randomUUID()`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID). The session ID will be SHA-256 hash of the token. We'll set the expiration to 30 days. diff --git a/pages/sessions/basic-api/sqlite.md b/pages/sessions/basic-api/sqlite.md index 01d21e1..e50993a 100644 --- a/pages/sessions/basic-api/sqlite.md +++ b/pages/sessions/basic-api/sqlite.md @@ -92,6 +92,8 @@ export function generateSessionToken(): string { } ``` +> You can use UUID v4 here but the RFC does not mandate that IDs are generated using a secure random source. Do not use libraries that are not clear on the source they use. Do not use other UUID versions as they do not offer the same entropy size as v4. Consider using [`Crypto.randomUUID()`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/randomUUID). + The session ID will be SHA-256 hash of the token. We'll set the expiration to 30 days. ```ts
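Review bot: The blockquote added in pages/sessions/basic-api/drizzle-orm.md, repeated verbatim in the mysql, postgresql, prisma and sqlite hunks, cites "the RFC" without naming it. It also says other versions "do not offer the same entropy size as v4" without giving a figure. Suggest naming the RFC and stating how many random bits a v4 UUID carries, so readers can compare it with the token that generateSessionToken() produces. The link text `Crypto.randomUUID()` reads like a static call; the method is invoked on the global instance, so `crypto.randomUUID()` would match what readers actually type. A comma before "but" in the first sentence would also help.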
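Review bot: The pages/sessions/basic-api/redis.md hunk (-61,7 +61,7) deletes the existing note beginning "Throughout the site, we will use packages from [Oslo](https://oslojs.dev)" and puts the UUID note in its place, whereas the other five hunks only add lines and remove nothing. If removing the Oslo introduction from the Redis page is not intended, keep that line and add the UUID blockquote after it as its own blockquote, separated by a blank line, so the page matches the others. If the removal is deliberate, the commit message should say so.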