From a10180e58d9ee3cdc150e23c88d338c97a3890af Mon Sep 17 00:00:00 2001
From: Lex <lxstr@protonmail.com>
Date: Mon, 8 Jan 2024 16:20:54 +1000
Subject: [PATCH] Fix session id length implementation

---
 src/flask_session/sessions.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/flask_session/sessions.py b/src/flask_session/sessions.py
index e070c01e..5e9e61f1 100644
--- a/src/flask_session/sessions.py
+++ b/src/flask_session/sessions.py
@@ -56,8 +56,8 @@ class SqlAlchemySession(ServerSideSession):
 
 class SessionInterface(FlaskSessionInterface):
 
-    def _generate_sid(self, app):
-        return secrets.token_urlsafe(app.config["SESSION_ID_LENGTH"])
+    def _generate_sid(self, session_id_length):
+        return secrets.token_urlsafe(session_id_length)
     
     def __get_signer(self, app):
         if not hasattr(app, "secret_key") or not app.secret_key:
@@ -118,13 +118,13 @@ def set_cookie_to_response(self, app, session, response, expires):
     def open_session(self, app, request):
         sid = request.cookies.get(app.config["SESSION_COOKIE_NAME"])
         if not sid:
-            sid = self._generate_sid(app)
+            sid = self._generate_sid(app.config["SESSION_ID_LENGTH"])
             return self.session_class(sid=sid, permanent=self.permanent)
         if self.use_signer:
             try:
                 sid = self._unsign(app, sid)
             except BadSignature:
-                sid = self._generate_sid(app)
+                sid = self._generate_sid(app.config["SESSION_ID_LENGTH"])
                 return self.session_class(sid=sid, permanent=self.permanent)
         return self.fetch_session_sid(sid)