Just this goy...

Saturday, September 14, 2002

If a client loads the website, they will be randomly assigned a 32-byte session id. This id is unique. Now, let's say they log in to the website. If their username is unique, could it not be used as their session id?

No, because it is theoretically possible their username could be 32 bytes in length, and that the php session management routines could randomly generate an exact match. I think.

No comments:

Blog Archive

About Me

Owned by Njørđson, a Cape Dory 25D.