Fix session id length implementation

Fix session id length implementation

src/flask_session/sessions.py

@@ -56,8 +56,8 @@ class SqlAlchemySession(ServerSideSession):
 
 class SessionInterface(FlaskSessionInterface):
 
-    def _generate_sid(self, app):
-        return secrets.token_urlsafe(app.config["SESSION_ID_LENGTH"])
+    def _generate_sid(self, session_id_length):
+        return secrets.token_urlsafe(session_id_length)
 
     def __get_signer(self, app):
         if not hasattr(app, "secret_key") or not app.secret_key:
@@ -88,11 +88,12 @@ class ServerSideSessionInterface(SessionInterface, ABC):
     """Used to open a :class:`flask.sessions.ServerSideSessionInterface` instance.
     """
 
-    def __init__(self, db, key_prefix, use_signer=False, permanent=True):
+    def __init__(self, db, key_prefix, use_signer=False, permanent=True, sid_length=32):
         self.db = db
         self.key_prefix = key_prefix
         self.use_signer = use_signer
         self.permanent = permanent
+        self.sid_length = sid_length
         self.has_same_site_capability = hasattr(self, "get_cookie_samesite")
 
     def set_cookie_to_response(self, app, session, response, expires):
@@ -118,13 +119,13 @@ def set_cookie_to_response(self, app, session, response, expires):
     def open_session(self, app, request):
         sid = request.cookies.get(app.config["SESSION_COOKIE_NAME"])
         if not sid:
-            sid = self._generate_sid(app)
+            sid = self._generate_sid(self.sid_length)
             return self.session_class(sid=sid, permanent=self.permanent)
         if self.use_signer:
             try:
                 sid = self._unsign(app, sid)
             except BadSignature:
-                sid = self._generate_sid(app)
+                sid = self._generate_sid(self.sid_length)
                 return self.session_class(sid=sid, permanent=self.permanent)
         return self.fetch_session_sid(sid)