Re: Session id generation - how is it done?
Re: Session id generation - how is it done?
- Subject: Re: Session id generation - how is it done?
- From: Chuck Hill <email@hidden>
- Date: Thu, 21 Apr 2011 07:48:07 -0700
It is a securely hashed GUID. It contains no session or user information. It is a hash code to look up the session on the server.
Chuck
On Apr 21, 2011, at 6:09 AM, Jon Nolan wrote:
> I don't have the source handy at the moment and I need some basic info on how a session id is created for a security analysis (you know the drill, is it unique, is it resistant to reverse engineering, etc.)
>
> If you're in the know and wouldn't mind, please reply with a quick sentence or two.
>
> Thanks,
> Jon
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden