id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
31807	Whether support more secure method to generate session id	dotuser	nobody	"Since django generate session id will utilize `random.SystemRandom()` firstly and then fallback to `random`[1]. According to doc, random have security issue for security or cryptographic uses[2]. Although doc says `secrets` module,  but `secrets` module will also utilize `SystemRandom` to generate[3]

Read `/dev/random/` will produce block and then it have a little effect on performance for application in Linux

So, have any plan to change a secure method to generate session id? Thanks !

[1] [https://github.com/django/django/blob/2.2.13/django/utils/crypto.py#L48-L69]
[2] [https://docs.python.org/3.7/library/random.html]
[3] [https://docs.python.org/3/library/secrets.html#secrets.SystemRandom]"	New feature	closed	contrib.sessions	2.2	Normal	wontfix			Unreviewed	0	0	0	0	0	0