From d84fc037fe9fefb0cf9fe0f8b570c43e85d1f77c Mon Sep 17 00:00:00 2001
From: Ethan Dalool
Date: Sat, 13 Jan 2018 15:49:14 -0800
Subject: [PATCH] Use urandom instead of uuid for session id.
---
 .../etiquette_flask/etiquette_flask/sessions.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/frontends/etiquette_flask/etiquette_flask/sessions.py b/frontends/etiquette_flask/etiquette_flask/sessions.py
index f924ff3..8b415e6 100644
--- a/frontends/etiquette_flask/etiquette_flask/sessions.py
+++ b/frontends/etiquette_flask/etiquette_flask/sessions.py
@@ -1,14 +1,15 @@
-import flask
-from flask import request
+import flask; from flask import request
 import functools
-import uuid
+import math
+import os
 import werkzeug.wrappers
 from etiquette import helpers
-def _generate_token():
- token = str(uuid.uuid4())
- #print('MAKE SESSION', token)
+def _generate_token(length=32):
+ randbytes = os.urandom(math.ceil(length / 2))
+ token = ''.join('{:02x}'.format(x) for x in randbytes)
+ token = token[:length]
 return token
 def _normalize_token(token):
@@ -25,7 +26,8 @@ class SessionManager:
 def get(self, token):
 token = _normalize_token(token)
- return self.sessions.get(token, None)
+ session = self.sessions.get(token, None)
+ return session
 def give_token(self, function):
 '''
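Review bot: `_generate_token` takes `length` in hex characters, so each character carries only 4 bits and the default of 32 gives 128 bits of randomness, but nothing in the function says so or stops a caller from passing a small value that would make session ids guessable. I would add a docstring stating the unit and the resulting entropy, and enforce a floor with something like `if length < 32: raise ValueError('session token too short')`. If the project can assume Python 3.6 or later, the three body lines reduce to `token = secrets.token_hex(math.ceil(length / 2))[:length]`, which draws from the same OS CSPRNG as `os.urandom`. Separately, `import flask; from flask import request` at the top of the hunk joins two statements with a semicolon; keeping them on separate lines would match the rest of the import block.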