Create 64 byte session ids

lib/models/session.js

@@ -3,7 +3,8 @@
  */
 
 var Model = require('../asteroid').Model
-  , asteroid = require('../asteroid');
+  , asteroid = require('../asteroid')
+  , crypto = require('crypto');
 
 /**
  * Default Session properties.
@@ -19,4 +20,37 @@ var properties = {
  * Extends from the built in `asteroid.Model` type.
  */
 
-var Session = module.exports = Model.extend('session', properties);
+var Session = module.exports = Model.extend('session', properties);
+
+/**
+ * Create a cryptographically random session id.
+ * 
+ * @param {Function} callback
+ */
+
+Session.createSessionId = function (fn) {
+  crypto.randomBytes(this.settings.sessionIdLength || 64, function(err, buf) {
+    if(err) {
+      fn(err);
+    } else {
+      fn(null, buf.toString('base64'));
+    }
+  });
+}
+
+/*!
+ * Hook to create session id.
+ */
+
+Session.beforeCreate = function (next, data) {
+  data = data || {};
+  
+  Session.createSessionId(function (err, id) {
+    if(err) {
+      next(err);
+    } else {
+      data.id = id;
+      next();
+    }
+  });
+}

test/user.test.js

@@ -37,6 +37,7 @@ describe('User', function(){
           
           assert(session.uid);
           assert(session.id);
+          assert.equal((new Buffer(session.id, 'base64')).length, 64);
           
           done();
         });