Custom login_handler endpoint, increase entropy of session id

[bsansone]

TG Version: 2.4.3

For the login form, when POST login_handler is hit, if there is already a session active it will return the currently active session id. Is it possible that each time that endpoint is hit, to generate a new session id and also modify the algorithm used for hashing the session id to increase entropy?

I see in the repoze.who project they default to md5, would like to possibly use sha-256 instead:
https://github.com/repoze/repoze.who/blob/2f11841e41ecb7a455d92b899d457c781bf32967/repoze/who/_auth_tkt.py#L46
https://github.com/repoze/repoze.who/blob/master/repoze/who/plugins/auth_tkt.py#L48

Is that as simple as setting "authtkt.digest_algo": hashlib.sha256 in the update_blueprint config?

Thank you!

[bsansone]

Looks like "sa_auth.authtkt.digest_algo": hashlib.sha256 did the trick on that part, still need to figure out the login_handler invalidate session id