1 Oct
2000
1 Oct
'00
9:57 p.m.
Chris McDonough writes:
The random element of the token is currently five characters. I may need to "up" this. The secure cookie requirement is already reflected in the use cases and in the current implementation. Anybody have any other bright ideas about how to make session tokens harder to guess?
Hash them as GUF does. Dieter