From 9c7e71c54ce960f3e9da1e8d3eb27d3b70cf3020 Mon Sep 17 00:00:00 2001
From: Vasile Popescu <elisescu@elisescu.com>
Date: Sat, 19 May 2018 16:25:24 +0200
Subject: [PATCH] Use a more secure session ID generator

---
 tty-server/session.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/tty-server/session.go b/tty-server/session.go
index fa4fc7f..3a55748 100644
--- a/tty-server/session.go
+++ b/tty-server/session.go
@@ -2,11 +2,11 @@ package main
 
 import (
 	"container/list"
+	"crypto/rand"
+	"encoding/base64"
 	"encoding/json"
-	"fmt"
 	"net"
 	"sync"
-	"time"
 
 	. "github.com/elisescu/tty-share/common"
 )
@@ -27,8 +27,14 @@ type ttyShareSession struct {
 }
 
 func generateNewSessionID() string {
-	// TODO: replace this with a proper way of generating secret session IDs
-	return fmt.Sprintf("%x", time.Now().UnixNano())
+	binID := make([]byte, 32)
+	_, err := rand.Read(binID)
+
+	if err != nil {
+		panic(err)
+	}
+
+	return base64.URLEncoding.EncodeToString([]byte(binID))
 }
 
 func newTTYShareSession(conn net.Conn, serverURL string) *ttyShareSession {