@blaasvaer/frmwrk 0.3.3 → 0.3.6

package/handle-request.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const fs = require('fs');
+const crypto = require('crypto');
 const path = require('path');
 const statics = require('serve-handler');
 const { findRoute } = require('./router');
@@ -11,6 +12,15 @@ const content_types = {
 	"json" : 'application/json; charset=utf-8'
 };
 
+/**
+ * Generate a secure session id
+ * @returns string
+ */
+function generateSecureSessionID () {
+	// Use 32 bytes (64 hex characters) for high security
+	return crypto.randomBytes(32).toString('hex'); 
+}
+
 /**
  * Handle incoming request
  * @param  {Object} req The incoming request object
@@ -127,7 +137,9 @@ async function handleRequest( req, res ) {
 				// res.setHeader( 'Content-Security-Policy', "default-src 'self'; img-src 'self';");
 		
 				// Cookies
-				res.setHeader('Set-Cookie','uuid=1234-1324-1234-1234-1234; Max-Age=3000; SameSite=lax; Secure');
+				const secureSessionId = generateSecureSessionID();
+				// res.setHeader('Set-Cookie','uuid=1234-1324-1234-1234-1234; Max-Age=3000; SameSite=lax; Secure');
+				res.setHeader('Set-Cookie',`SESSIONID=${secureSessionId}; Max-Age=3000; SameSite=lax; Secure`);
 				// Set a same-site cookie for first-party contexts
 				// res.cookie('cookie1', 'value1', { sameSite: 'lax' });
 				// Set a cross-site cookie for third-party contexts

package/index.js

@@ -130,7 +130,7 @@ console.log("Authorize - check credentials:", credentials);
 		 * Create and start the server
 		 * @return {function} Server instance
 		 */
-		http.createServer( handleRequest ).listen(port, hostname, () => {
+		const server = http.createServer( handleRequest ).listen(port, hostname, () => {
 			console.log(`Server running at http://${hostname}:${port}`);
 		});
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blaasvaer/frmwrk",
-  "version": "0.3.3",
+  "version": "0.3.6",
   "description": "My personal Node framework",
   "main": "index.js",
   "scripts": {