Using generic session ID variable for to determine consent warning, rather than dedicated property.

src/web/consent.js

@@ -1,8 +0,0 @@
-'use strict';
-
-function setConsent(req, res) {
-	req.session.consent = !!req.body;
-	res.status(204).send();
-}
-
-module.exports = setConsent;

src/web/server.js

@@ -8,6 +8,7 @@ const Router = require('express-promise-router');
 const bodyParser = require('body-parser');
 const session = require('express-session');
 const KnexSessionStore = require('connect-session-knex')(session);
+const nanoid = require('nanoid');
 
 const PgConnectionFilterPlugin = require('postgraphile-plugin-connection-filter');
 const PgSimplifyInflectorPlugin = require('@graphile-contrib/pg-simplify-inflector');
@@ -38,8 +39,6 @@ const {
 	fetchTags,
 } = require('./tags');
 
-const setConsent = require('./consent');
-
 async function initServer() {
 	const app = express();
 	const router = Router();
@@ -85,6 +84,12 @@ async function initServer() {
 	router.use(bodyParser.json({ strict: false }));
 	router.use(session({ ...config.web.session, store }));
 
+	router.use((req, res, next) => {
+		req.session.safeId = req.session.safeId || nanoid();
+
+		next();
+	});
+
 	router.get('/api/scenes', fetchScenes);
 	router.get('/api/scenes/:releaseId', fetchScene);
 	router.get('/api/scenes/:releaseId/poster', fetchScenePoster);
@@ -110,13 +115,11 @@ async function initServer() {
 	router.get('/api/tags', fetchTags);
 	router.get('/api/tags/:tagId', fetchTag);
 
-	router.post('/api/consent', setConsent);
-
 	router.get('*', (req, res) => {
 		res.render(path.join(__dirname, '../../assets/index.ejs'), {
 			env: JSON.stringify({
 				sfw: !!req.headers.sfw || Object.prototype.hasOwnProperty.call(req.query, 'sfw'),
-				consent: !!req.session.consent,
+				sessionId: req.session.safeId,
 			}),
 		});
 	});