Is there some document somewhere describing how JRun creates sessionIds? We need to evaluate the security we'll have by using the session mechanism to identify our users and whether something else is needed.
And before somebody replies that such info should be proprietary for security's benefit, please keep in mind that the strength of security should rely on the strength of the algorithm used and not on whether the algorightm itself is known. Thanks, Cristian Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
