From 8c54250449104148473e51b22ba78442d6314909 Mon Sep 17 00:00:00 2001
From: DcruBro <info@dcrubro.com>
Date: Tue, 10 Feb 2026 19:32:26 +0100
Subject: [PATCH] enforce unique ids

---
 include/columnlynx/common/net/session_registry.hpp | 2 ++
 src/common/session_registry.cpp                    | 5 +++++
 src/server/net/tcp/tcp_connection.cpp              | 6 ++++--
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/include/columnlynx/common/net/session_registry.hpp b/include/columnlynx/common/net/session_registry.hpp
index cc764cc..e18f11e 100644
--- a/include/columnlynx/common/net/session_registry.hpp
+++ b/include/columnlynx/common/net/session_registry.hpp
@@ -78,6 +78,8 @@ namespace ColumnLynx::Net {
             // Get the number of registered sessions
             int size() const;
 
+            bool exists(uint32_t sessionID) const;
+
             // IP management
 
             // Get the lowest available IPv4 address; Returns 0 if none available
diff --git a/src/common/session_registry.cpp b/src/common/session_registry.cpp
index 491264d..ff3c065 100644
--- a/src/common/session_registry.cpp
+++ b/src/common/session_registry.cpp
@@ -60,6 +60,11 @@ namespace ColumnLynx::Net {
         return static_cast<int>(mSessions.size());
     }
 
+    bool SessionRegistry::exists(uint32_t sessionID) const {
+        std::shared_lock lock(mMutex);
+        return mSessions.find(sessionID) != mSessions.end();
+    }
+    
     uint32_t SessionRegistry::getFirstAvailableIP(uint32_t baseIP, uint8_t mask) const {
         std::shared_lock lock(mMutex);
 
diff --git a/src/server/net/tcp/tcp_connection.cpp b/src/server/net/tcp/tcp_connection.cpp
index 334e056..d5792f1 100644
--- a/src/server/net/tcp/tcp_connection.cpp
+++ b/src/server/net/tcp/tcp_connection.cpp
@@ -211,8 +211,10 @@ namespace ColumnLynx::Net::TCP {
 
                     std::memcpy(mConnectionAESKey.data(), decrypted.data(), decrypted.size());
 
-                    // Make a Session ID
-                    randombytes_buf(&mConnectionSessionID, sizeof(mConnectionSessionID));
+                    // Make a Session ID - unique and not zero (zero is reserved for invalid sessions)
+                    do {
+                        randombytes_buf(&mConnectionSessionID, sizeof(mConnectionSessionID));
+                    } while (SessionRegistry::getInstance().exists(mConnectionSessionID) || mConnectionSessionID == 0); // Regenerate if it already exists or is zero (zero is reserved for invalid sessions)
 
                     // Encrypt the Session ID with the established AES key (using symmetric encryption, nonce can be all zeros for this purpose)
                     Nonce symNonce{}; // All zeros