[Mono-bugs] [Bug 50009][Wis] New - Session IDs are predicatble

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Wed, 22 Oct 2003 14:08:16 -0400 (EDT)

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by jackson@ximian.com.


--- shadow/50009	2003-10-22 14:08:16.000000000 -0400
+++ shadow/50009.tmp.15675	2003-10-22 14:08:16.000000000 -0400
@@ -0,0 +1,23 @@
+Bug#: 50009
+Product: Mono/Class Libraries
+Version: unspecified
+OS Details: 
+Status: NEW   
+Priority: Wishlist
+Component: System.Web
+AssignedTo: jackson@ximian.com                            
+ReportedBy: jackson@ximian.com               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+Summary: Session IDs are predicatble
+We are using GUIDs for our session ids which makes session id values
+predictable. According to this article:
+we should create 15 byte arrays using RNGCryptoServiceProvider and then
+encode those values into 24 character strings.