(more) Generating a session id for each request

A

If a session's chances of being hijacked are very high because of the same
sessionid going back and forth between client and server,
why not make the server send back a sessionid cookie with each response, and
associate the sessionid with the httpsession?
I can see how it might be a little more processing, but is there anything
inherently flawed in this thinking?
I'm trying to understand this thing, so it's not about having just a super
secure connection, but I'm looking for a cheap way to improve the
security...
 
mgungora

Haven't tried that myself, but another method would be: associate the
session id with the client's face IP address.
 
mgungora

Oops, I just read your previous msg where associating IP address was
already mentioned... Sorry...
 
Roedy Green

> Haven't tried that myself, but another method would be: associate the
> session id with the client's face IP address.

You could of course have many clients coming at you from the same LAN
all sharing the same face IP.
 
josh.s17

If the site is using https then the session's chance of being hijacked
should be minimal, as it shouldn't be visible to anything on the
network. This should be secure enough for anyone's needs, especially
since the sessionid cookie only lasts as long as the browser is open.
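
The per-response rotation proposed in the opening post, modelled as an added example (not code from the thread; `RotatingSessions` and its methods are hypothetical and stand in for the servlet container's session table). It shows that a replayed old id is rejected, and that a second request sent in parallel with the same cookie is rejected in exactly the same way.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Added illustration (hypothetical class, not a servlet API): one-time session ids. */
public class RotatingSessions {
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, String> live = new HashMap<>();    // current id -> user
    private final Map<String, String> retired = new HashMap<>(); // spent id -> user (unbounded here; expire in real use)

    private String newId() {
        byte[] b = new byte[16];               // 128 bits from a CSPRNG
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    public synchronized String login(String user) {
        String id = newId();
        live.put(id, user);
        return id;
    }

    /** Handles one request: returns the id for the next request, or null if rejected. */
    public synchronized String handle(String presentedId) {
        String user = live.remove(presentedId);
        if (user == null) {
            // A spent id came back: a parallel or retried request from the real browser,
            // or a replayed stolen id. The server cannot tell which, so revoke the user.
            String owner = retired.get(presentedId);
            if (owner != null) live.values().removeIf(owner::equals);
            return null;
        }
        retired.put(presentedId, user);        // remember the spent id to detect reuse
        String next = newId();
        live.put(next, user);
        return next;
    }

    public static void main(String[] args) {
        RotatingSessions s = new RotatingSessions();
        String id0 = s.login("alice");         // constructed sample user
        String id1 = s.handle(id0);            // normal request: id0 is spent, id1 issued
        System.out.println("replay of id0 accepted: " + (s.handle(id0) != null));
        System.out.println("id1 valid after the replay: " + (s.handle(id1) != null));
        String tab = s.login("bob");           // two tabs sending the same cookie at once
        System.out.println("first tab accepted: " + (s.handle(tab) != null));
        System.out.println("second tab accepted: " + (s.handle(tab) != null));
    }
}
```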
 
