[Mono-bugs] [Bug 50009][Wis] Changed - Session IDs are predicatble
bugzilla-daemon@bugzilla.ximian.com
bugzilla-daemon@bugzilla.ximian.com
Thu, 6 Nov 2003 14:18:23 -0500 (EST)
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by jackson@ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=50009
--- shadow/50009 2003-10-22 14:08:16.000000000 -0400
+++ shadow/50009.tmp.27265 2003-11-06 14:18:22.000000000 -0500
@@ -1,14 +1,14 @@
Bug#: 50009
Product: Mono/Class Libraries
Version: unspecified
-OS:
+OS: unknown
OS Details:
-Status: NEW
-Resolution:
-Severity:
+Status: RESOLVED
+Resolution: FIXED
+Severity: Unknown
Priority: Wishlist
Component: System.Web
AssignedTo: jackson@ximian.com
ReportedBy: jackson@ximian.com
QAContact: mono-bugs@ximian.com
TargetMilestone: ---
@@ -18,6 +18,9 @@
We are using GUIDs for our session ids which makes session id values
predictable. According to this article:
http://www.informit.com/isapi/product_id~%7BCD436BF0-C418-43C8-9324-7579DA60B795%7D/element_id~%7B368C7EF7-C523-470C-B187-41271A5C52E5%7D/st~%7BD06674E4-4033-4F5E-85D4-5D32A6FD7B71%7D/content/articlex.asp
we should create 15 byte arrays using RNGCryptoServiceProvider and then
encode those values into 24 character strings.
+
+------- Additional Comments From jackson@ximian.com 2003-11-06 14:18 -------
+This is now fixed in CVS.