Fix session id collisions

laravel · Sep 1, 2016 · eb49a72 · eb49a72
1 parent c97ad2f
commit eb49a72
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Illuminate/Session/Store.php b/src/Illuminate/Session/Store.php
@@ -184,7 +184,7 @@ public function setId($id)
      */
     public function isValidId($id)
     {
-        return is_string($id) && preg_match('/^[a-f0-9]{40}$/', $id);
+        return is_string($id) && ctype_alnum($id) && strlen($id) === 40;
     }
 
     /**
@@ -194,7 +194,7 @@ public function isValidId($id)
      */
     protected function generateSessionId()
     {
-        return sha1(uniqid('', true).Str::random(25).microtime(true));
+        return Str::random(40);
     }
 
     /**