Re: [Active4d-dev] Web Server Predictable Session ID Vulnerability

[Aparajita Fishman]

> Is this warning below just a blanket statement made to any website using 
> sessions?

Yes. No one can guess an Active4D session id, as the session id is a serial 
number combined with the number of milliseconds since system startup, which is 
then encrypted.

Regards,

  Aparajita

_______________________________________________
Active4D-dev mailing list
Active4D-dev@aparajitaworld.com
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/