NetTalk Central

Author Topic: NT8.03 session ID allways characters  (Read 2371 times)

Alberto

  • Hero Member
  • *****
  • Posts: 1871
    • MSN Messenger - alberto-michelis@hotmail.com
    • View Profile
    • ARMi software solutions
    • Email
NT8.03 session ID allways characters
« on: March 25, 2014, 10:15:44 AM »
even if you check use number for session id
see image

and if you set a character sessionID its allways 30 chars even if you set it to be 8

[attachment deleted by admin]
« Last Edit: March 25, 2014, 10:20:50 AM by michelis »
-----------
Regards
Alberto

kevin plummer

  • Hero Member
  • *****
  • Posts: 1195
    • View Profile
    • Production Accounting and Software Payroll
Re: NT8.03 session ID allways characters
« Reply #1 on: March 25, 2014, 04:19:27 PM »
try to close\re-open your browser. If the cookie already existed with 30 char you will get that result.

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11244
    • View Profile
Re: NT8.03 session ID allways characters
« Reply #2 on: March 25, 2014, 09:34:32 PM »
Kevin is right, you probably need to just close your browser (or try another browser).

However;
>>  if you check use number for session id

don't do that.

>> even if you set it to be 8

don't do that.

weakening the sessionid makes you app more vulnerable to a session fixation attack. Take security seriously - in the long run it's a better idea.

cheers
Bruce