Issue 227 - allow custom session id generation

[nholik]

By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

This commit address issue
227 allowing an implementation of genid to be used when a custom session store is used. This is fully compatible with the existing implementation and aligns with how expression-session allows for overriding the way session ids are generated. Note because of how session ids are generated in this library, it is not possible to simply fall into the custom store's genid function.

In implementing these changes, the following was done:

• Moved the default session id generation into config to make it clear what said default is
• Added a new parameter genid compatible with how it works for express-session
• Updated the appsession code to take advantage of the provided value and fallback to the default.
• Added unit tests validating the genid parameter being used when specified and not having any effect on the encrypted cookie
• Reordered the spread operators in the appsession custom store tests so that overrides are respected. This changed no other existing tests.
• Updated documentation with the additional, optional parameter along with links to the compatible usage in express-session.

References

See discussion in this issue #227
Also https://github.com/expressjs/session#genid

Testing

Tested with node 14

• This change adds test coverage for new/changed/fixed functionality

Checklist

• I have added documentation for new/changed functionality in this PR or in auth0.com/docs
• All active GitHub checks for tests, formatting, and security are passing
• The correct base branch is being used, if not master

[adamjmcgrath]

Thanks @nholik!