public void ToBase64UrlSafe_does_not_contain_unfriendly_chars()
{
var bytes = new byte[24];
string lastSessionId = null;
1000.Times(i =>
{
SessionExtensions.PopulateWithSecureRandomBytes(bytes);
var sessionId = bytes.ToBase64UrlSafe();
Assert.That(sessionId, Does.Not.Contain("+"));
Assert.That(sessionId, Does.Not.Contain("/"));
if (lastSessionId != null)
Assert.That(sessionId, Is.Not.EqualTo(lastSessionId));
lastSessionId = sessionId;
});
}