They'd have to be one incredible guesser. Session ids are random and the session ID space is gigantic. Check the archives for a session id duplication discussion that went through all the math details.

-Tim

Bill Gorr wrote:

Hello all,

Is there something in Tomcat that stops an adversary from guessing someone else's session-id and performing a session hijacking?

thanks.

Bill
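
The "gigantic session ID space" argument from the reply above can be checked numerically. This is an added example, not part of the original thread or of Tomcat's code. It assumes IDs are drawn uniformly from a cryptographically strong random source; the 128-bit ID size, the 10,000 active sessions and the 1,000,000 guesses per second are constructed figures, so substitute your own configured ID length and traffic.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def hit_probability(id_bits, active_sessions, guesses):
    """Chance that at least one of `guesses` random guesses matches one of
    `active_sessions` valid IDs out of 2**id_bits possible values."""
    p_single = active_sessions / 2.0 ** id_bits
    if p_single >= 1.0:
        return 1.0
    # 1 - (1 - p)^n via log1p/expm1, so a tiny p does not round to zero.
    return -math.expm1(guesses * math.log1p(-p_single))


def guesses_for_probability(id_bits, active_sessions, target):
    """Number of guesses needed before the hit chance reaches `target`."""
    p_single = active_sessions / 2.0 ** id_bits
    return math.log1p(-target) / math.log1p(-p_single)


def years_to_even_odds(id_bits, active_sessions, guesses_per_second):
    """Years of sustained guessing needed for a 50% chance of one hit."""
    n = guesses_for_probability(id_bits, active_sessions, 0.5)
    return n / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    active = 10_000        # constructed: concurrent valid sessions
    rate = 1_000_000       # constructed: guesses per second reaching the server
    for bits in (32, 64, 128):   # 128 = assumed 16 random bytes per ID
        day = hit_probability(bits, active, rate * 86_400)
        yrs = years_to_even_odds(bits, active, rate)
        print(f"{bits:3d}-bit IDs: P(hit within a day) = {day:.3e}, "
              f"50% odds after {yrs:.3e} years")
```

The 32-bit row shows why short or predictable IDs fail: the same attacker reaches even odds in under a second. Guess volumes like these are also visible server-side as a flood of requests carrying unknown session IDs, which is worth alerting on regardless of ID length.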
