Generating Session IDs
Understand the risks of using predictable session IDs like incremental integers and explore how to generate secure, random session identifiers using cryptographic methods. Discover best practices to protect your web applications against session hijacking by leveraging built-in framework functions or reviewing their security implementations.
Using incremental session IDs is a bad choice
It should go without saying, but your session IDs (often stored in cookies) should not resemble a known pattern or be generally guessable. Using an auto-incrementing sequence of integers as IDs would be a terrible choice, as an attacker could just log in, receive the session ID ...
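The contrast described above, as an added example that is not code from the original page: a counter-based session store beside one that draws its IDs from Python's `secrets` module, plus a small audit check that asks whether IDs adjacent to an issued one resolve to another session. The class names, the function names and the sample users are assumptions made for illustration.

```python
import secrets


class CounterSessionStore:
    """The weak design from the text: IDs are an auto-incrementing integer."""

    def __init__(self):
        self._next = 1
        self._sessions = {}

    def create(self, user):
        sid = str(self._next)
        self._next += 1
        self._sessions[sid] = user
        return sid

    def lookup(self, sid):
        return self._sessions.get(sid)


class RandomSessionStore(CounterSessionStore):
    """Hardened form: 256 bits from the OS CSPRNG per session ID."""

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 32 random bytes -> 43 URL-safe chars
        self._sessions[sid] = user
        return sid


def neighbours_resolve(store, own_sid, window=5):
    """Audit check: do IDs numerically adjacent to one we were issued
    resolve to a different session? True means the IDs are guessable."""
    if not own_sid.isdigit():
        return False  # not an integer, so there is no adjacent ID to derive
    base = int(own_sid)
    for candidate in range(max(base - window, 0), base + window + 1):
        if candidate != base and store.lookup(str(candidate)) is not None:
            return True
    return False


def demo():
    results = {}
    for store in (CounterSessionStore(), RandomSessionStore()):
        store.create("alice")            # constructed sample users
        mine = store.create("auditor")   # the ID the audit starts from
        store.create("bob")
        results[type(store).__name__] = neighbours_resolve(store, mine)
    return results


if __name__ == "__main__":
    print(demo())
```
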