enforce unique ids

include/columnlynx/common/net/session_registry.hpp

@@ -78,6 +78,8 @@ namespace ColumnLynx::Net {
             // Get the number of registered sessions
             int size() const;
 
+            bool exists(uint32_t sessionID) const;
+
             // IP management
 
             // Get the lowest available IPv4 address; Returns 0 if none available

src/common/session_registry.cpp

@@ -60,6 +60,11 @@ namespace ColumnLynx::Net {
         return static_cast<int>(mSessions.size());
     }
 
+    bool SessionRegistry::exists(uint32_t sessionID) const {
+        std::shared_lock lock(mMutex);
+        return mSessions.find(sessionID) != mSessions.end();
+    }
+    
     uint32_t SessionRegistry::getFirstAvailableIP(uint32_t baseIP, uint8_t mask) const {
         std::shared_lock lock(mMutex);
 

src/server/net/tcp/tcp_connection.cpp

@@ -211,8 +211,10 @@ namespace ColumnLynx::Net::TCP {
 
                     std::memcpy(mConnectionAESKey.data(), decrypted.data(), decrypted.size());
 
-                    // Make a Session ID
+                    // Make a Session ID - unique and not zero (zero is reserved for invalid sessions)
+                    do {
                         randombytes_buf(&mConnectionSessionID, sizeof(mConnectionSessionID));
+                    } while (SessionRegistry::getInstance().exists(mConnectionSessionID) || mConnectionSessionID == 0); // Regenerate if it already exists or is zero (zero is reserved for invalid sessions)
 
                     // Encrypt the Session ID with the established AES key (using symmetric encryption, nonce can be all zeros for this purpose)
                     Nonce symNonce{}; // All zeros