Yes, it randomly chooses a 32-character string with characters from VALID_KEY_CHARS (which contains the lower-case characters 'a' to 'z', plus digits '0' to '9', so 36 elements).
It uses Python's random.SystemRandom if available (/dev/urandom on Linux, CryptGenRandom() on Windows), and otherwise Python's default Mersenne Twister PRNG is used, and reseeded before every call to get_random_string so it doesn't become predictable.

See the source of get_random_string (https://github.com/django/django/blob/master/django/utils/crypto.py).

log2(36 ** 32) =~ about 165 bits of entropy (fewer when using the PRNG).

Greetings,
Remco Gerlich

On Thu, Apr 28, 2016 at 7:23 AM, Arun S <[email protected]> wrote:
> Hi,
>
> Just trying to get a few answers on the Session IDs in Django.
>
> How does Django generate Session IDs/Session Keys?
> It seems that Django does the following for Session Keys:
>
>     def _get_new_session_key(self):
>         "Returns session key that isn't being used."
>         while True:
>             session_key = get_random_string(32, VALID_KEY_CHARS)
>             if not self.exists(session_key):
>                 break
>         return session_key
>
> Does this mean that only a RANDOM string is chosen from the set of Valid
> Key Chars ??
> If the above is not the case, then
> does Django support any Cryptographic Algorithms for generating Session
> IDs?
> In that case,
> which Cryptographic Algorithm does Django use for Session IDs and how
> many Bits of Entropy are used??
>
> Any information on this would be very helpful.
>
> Thanks
> Arun
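
The scheme discussed in this thread, as an added example that is not part of the original messages and is not Django's own code: it draws a 32-character key from the 36-symbol alphabet using the OS CSPRNG (Python's `secrets`, which is backed by `random.SystemRandom`), retries on collision, and computes the entropy figure. The `exists` callable and the helpers `min_length_for` and `is_well_formed` are hypothetical names introduced for illustration.

```python
import math
import secrets
import string

# Same alphabet the thread describes: 'a'-'z' plus '0'-'9' (36 symbols).
VALID_KEY_CHARS = string.ascii_lowercase + string.digits
KEY_LENGTH = 32


def entropy_bits(length=KEY_LENGTH, alphabet=VALID_KEY_CHARS):
    """Entropy of a uniformly random key: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def min_length_for(bits, alphabet=VALID_KEY_CHARS):
    """Shortest key length that reaches at least `bits` of entropy."""
    return math.ceil(bits / math.log2(len(set(alphabet))))


def new_session_key(exists, length=KEY_LENGTH, alphabet=VALID_KEY_CHARS):
    """Draw keys from the OS CSPRNG until one is not already in use.

    `exists` is a hypothetical callable standing in for the session
    backend's lookup (the self.exists() call in the quoted snippet).
    """
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if not exists(key):
            return key


def is_well_formed(key, length=KEY_LENGTH, alphabet=VALID_KEY_CHARS):
    """Reject cookie values that new_session_key could never have produced."""
    return (isinstance(key, str)
            and len(key) == length
            and set(key) <= set(alphabet))


if __name__ == "__main__":
    store = set()  # constructed in-memory stand-in for a session store
    for _ in range(3):
        store.add(new_session_key(store.__contains__))
    print(sorted(store))
    print("entropy: %.1f bits" % entropy_bits())
    print("characters needed for 128 bits:", min_length_for(128))
```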

