
How secure are session IDs?


A number of iAS users have expressed concern that a non-authenticated user could duplicate the session ID of a customer that has already been authenticated, and get access to restricted services by posing as the authenticated user. While there is a theoretical risk of this, it is unlikely to happen in practice. The session ID is a 64-bit one-way hash made from, among other things, a random number. The likelihood of being able to synthesize a session ID that generates the correct hash value for a session that is currently in progress is exceptionally small. However, there is a small risk that an eavesdropper could obtain the values of currently-active session IDs by network snooping. Sensible use of firewalls will reduce this risk, and encryption of the Web connector protocol will reduce it further. See below for discussion.
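To put a number on "exceptionally small", the following added example (not part of the original answer and not iAS code) estimates the blind-guessing risk for a 64-bit session ID and the ID size needed for a chosen risk target. It assumes IDs are uniformly distributed over the 64-bit space and guesses are independent; the session counts and guess rates are constructed sample figures.

```python
import math

SESSION_ID_BITS = 64           # ID size stated in the answer above
SECONDS_PER_YEAR = 31_557_600  # Julian year

def guess_success_probability(active_sessions, guesses, bits=SESSION_ID_BITS):
    """P(at least one of `guesses` random guesses equals any active session ID)."""
    if active_sessions < 0 or guesses < 0:
        raise ValueError("counts must be non-negative")
    per_guess = active_sessions / 2 ** bits   # assumption: uniform, independent IDs
    if per_guess == 0 or guesses == 0:
        return 0.0
    if per_guess >= 1.0:
        return 1.0
    # 1 - (1 - p)**g loses precision when p is near 1e-16, so use the
    # log1p/expm1 form, which stays accurate for tiny probabilities.
    return -math.expm1(guesses * math.log1p(-per_guess))

def expected_years_to_first_hit(active_sessions, guesses_per_second,
                                bits=SESSION_ID_BITS):
    """Mean time until a blind guess matches an active ID (geometric mean 1/p)."""
    if active_sessions <= 0 or guesses_per_second <= 0:
        raise ValueError("need at least one session and a positive guess rate")
    expected_guesses = 2 ** bits / active_sessions
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR

def min_bits_for_risk(active_sessions, guesses, max_probability):
    """Smallest ID size that keeps the guessing risk at or below max_probability."""
    bits = max(1, active_sessions.bit_length())
    while guess_success_probability(active_sessions, guesses, bits) > max_probability:
        bits += 1
    return bits

if __name__ == "__main__":
    # Constructed sample load: 10,000 live sessions, 1,000,000 guesses at 1,000/s.
    sessions, guesses, rate = 10_000, 1_000_000, 1_000
    print("P(hit):", guess_success_probability(sessions, guesses))
    print("years to first hit:", expected_years_to_first_hit(sessions, rate))
    print("bits for <= 1e-6 risk:", min_bits_for_risk(sessions, guesses, 1e-6))
```

The estimate covers blind guessing only; it says nothing about IDs captured by network snooping, which the answer addresses with firewalls and encryption of the Web connector protocol.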
