Apply code suggestions

Author: patel-vansh

system/Filters/RequestId.php

@@ -57,7 +57,7 @@ private function isValidRequestId(string $requestId): bool
             return false;
         }
 
-        if (strlen($requestId) > 255) {
+        if (strlen($requestId) > 64) {
             return false;
         }
 

tests/system/Filters/RequestIdTest.php

@@ -38,7 +38,10 @@ public function testBefore(): void
 
         $requestId = context()->get('request_id');
 
+        $requestIdFromHeader = $request->getHeaderLine('X-Request-ID');
+
         $this->assertNotEmpty($requestId);
+        $this->assertSame($requestId, $requestIdFromHeader);
         $this->assertSame(32, strlen($requestId));
         $this->assertMatchesRegularExpression('/^[A-Za-z0-9._:-]+$/', $requestId);
     }
@@ -55,7 +58,10 @@ public function testBeforeWithExistingRequestId(): void
 
         $requestId = context()->get('request_id');
 
+        $requestIdFromHeader = $request->getHeaderLine('X-Request-ID');
+
         $this->assertSame($existingRequestId, $requestId);
+        $this->assertSame($existingRequestId, $requestIdFromHeader);
         $this->assertMatchesRegularExpression('/^[A-Za-z0-9._:-]+$/', $requestId);
     }
 
@@ -71,7 +77,30 @@ public function testBeforeWithExistingInvalidRequestId(): void
 
         $requestId = context()->get('request_id');
 
+        $requestIdFromHeader = $request->getHeaderLine('X-Request-ID');
+
+        $this->assertNotSame($existingRequestId, $requestId);
+        $this->assertSame($requestId, $requestIdFromHeader);
+        $this->assertSame(32, strlen($requestId));
+        $this->assertMatchesRegularExpression('/^[A-Za-z0-9._:-]+$/', $requestId);
+    }
+
+    public function testBeforeWithExistingLongRequestId(): void
+    {
+        $filter  = new RequestId();
+        $request = service('request', null, false);
+
+        $existingRequestId = str_repeat('a', 65);
+        $request->setHeader('X-Request-ID', $existingRequestId);
+
+        $filter->before($request);
+
+        $requestId = context()->get('request_id');
+
+        $requestIdFromHeader = $request->getHeaderLine('X-Request-ID');
+
         $this->assertNotSame($existingRequestId, $requestId);
+        $this->assertSame($requestId, $requestIdFromHeader);
         $this->assertSame(32, strlen($requestId));
         $this->assertMatchesRegularExpression('/^[A-Za-z0-9._:-]+$/', $requestId);
     }

user_guide_src/source/incoming/filters.rst

@@ -386,20 +386,18 @@ Request ID
 
 .. versionadded:: 4.8.0
 
-This filter adds a unique request ID to each request in context of the application. This can be useful for
+This filter adds a request ID to each request in context of the application. This can be useful for
 debugging and logging purposes, as it allows you to trace a specific request through the application.
 
-Framework-generated IDs are unique for practical purposes, however valid incoming IDs are reused.
+Framework-generated IDs are 32-character hexadecimal strings and are unique for practical purposes, however valid incoming IDs are reused.
 It is added to the request's context and can be accessed via the ``request_id`` key.
 
-The ID is generated via ``bin2hex(random_bytes(16))``, so it is a 32-character hexadecimal string.
-
 To enable this filter, simply add/uncomment the ``requestid`` alias in the ``$required['before']`` and ``$required['after']`` array in **app/Config/Filters.php**:
 
 .. literalinclude:: filters/014.php
 
 .. note:: If the incoming request has a header named ``X-Request-ID``, the value of that header
     will be used as the request ID instead of generating a new one or checking for uniqueness.
     The framework does basic validation to ensure that the incoming request ID is a non-empty string,
-    has at most 255 characters, and contains only valid characters (alphanumeric, dot, underscore, colon, and hyphen).
+    has at most 64 characters, and contains only valid characters (alphanumeric, dot, underscore, colon, and hyphen).
     If the validation fails, a new request ID will be generated as normal. This allows you to pass in your own request ID if you have one available, such as from a client or a load balancer.