enough as long as it is accompanied by a uniqueness guarantee. Are you
saying you want to remove the uniqueness guarantee?
- Glenn
Eric Rescorla <[EMAIL PROTECTED]> writes:
Glenn Olander <[EMAIL PROTECTED]> writes:
5) The strength of the PRNG is largely irrelevant
As a user, I w
Here's a follow-up on the bug report I submitted that started this thread.
1) We confirmed the problem is a duplicate session id.
Luckily we were logging session ids. It took a lot of hunting through
access logs, but we did indeed find two sessions which were started a
couple of minutes apart, w
FYI, this still isn't correct. If you can simply copy/paste the code
from these messages I'm sending, that should ensure the correct code
gets checked in. Here is what it should look like:
String sessionId = generateSessionId();
String jvmRoute = getJvmRoute();
// @todo Mov
'.' + jvmRoute;
}
}
}
session.setId(sessionId);
return (session);
Remy Maucherat wrote:
Glenn Olander wrote:
I can also report that I've seen this happen when the system is
under load. We had a user log in and gain access to another
I can also report that I've seen this happen when the system is under
load. We had a user log in and gain access to another user's session.
I'm sure you can understand that makes it a very serious bug for
security-sensitive applications, perhaps even deserving some kind of
security alert announc