From f824eb961591dd268c646663126c6f073ab37ca4 Mon Sep 17 00:00:00 2001
From: A_A <21040751+Otto-AA@users.noreply.github.com>
Date: Sat, 11 Feb 2023 22:20:59 +0100
Subject: [PATCH] use secure uuid.v4 as session cookie secret

uuid.v1 is considered insecure and thus the secret could be bruteforced. Instead this will use uuid.v4 which includes proper randomness
---
 lib/create-app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/create-app.js b/lib/create-app.js
index ff8336ef9..34b9e17eb 100644
--- a/lib/create-app.js
+++ b/lib/create-app.js
@@ -302,7 +302,7 @@ function initAuthentication (app, argv) {
 function sessionSettings (secureCookies, host) {
 const sessionSettings = {
 name: 'nssidp.sid',
- secret: uuid.v1(),
+ secret: uuid.v4(),
 saveUninitialized: false,
 resave: false,
 rolling: true,
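Review bot: `secret: uuid.v4()` in sessionSettings still takes the cookie-signing secret from an identifier format rather than a key generator: a v4 UUID carries 122 random bits, and whether they come from a CSPRNG depends on the `uuid` package version, which this hunk does not show. RFC 4122 itself advises against assuming UUIDs are hard to guess, so I would draw the secret from Node's CSPRNG directly, e.g. `secret: crypto.randomBytes(32).toString('hex'),` (this needs `crypto` required at the top of the file, outside the hunk). The secret is also generated anew on each call, so presumably sessions signed before a restart or by another instance stop verifying; a short comment stating that this is intended would help the next reader. The sessionSettings body continues past the end of the hunk.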