crypto.randomBytes() instead of Math.random()

src/app.js

@@ -9,15 +9,17 @@ app.use(cookieParser());
 
 // bootstrap
 app.use('/css', express.static(__dirname + '/node_modules/bootstrap/dist/css'));
-// app.use(express.static('public'));
 
+//routes
 const routes = require(__dirname + '/routes');
 app.use("/", routes);
 
+//start server
 var server = http.listen(port, () => {
     console.log(`server is running on port ${server.address().port}`);
 });
 
+//socket.io
 io.on('connection', (socket) => {
     socket.on('chat message', (msg) => {
         console.log(`message: ${msg}, id: ${socket.id}`);

src/controllers/account.js

@@ -1,12 +1,14 @@
+const crypto = require('crypto');
 
 const accountController = {
   getCookie: (req, res) => {
     console.log("site loaded")
     console.log(req.cookies)
-    var cookie = req.cookies.user;
+    let cookie = req.cookies.user;
     if (!cookie) {
-        var randomNumber=Math.random().toString();
+        //crypto.randomBytes() instead of Math.random() for cryptographically secure random numbers
-        randomNumber=randomNumber.substring(2,randomNumber.length);
+        let randomBuffer = crypto.randomBytes(16); // 128bits of entropy
+        let randomNumber = randomBuffer.toString('hex');
         let options = {
             maxAge: 86400000, // 1 day
             httpOnly: true