NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: Alberto on March 25, 2014, 10:15:44 AM

Title: NT8.03 session ID allways characters
Post by: Alberto on March 25, 2014, 10:15:44 AM

even if you check use number for session id
see image

and if you set a character sessionID its allways 30 chars even if you set it to be 8

[attachment deleted by admin]

Title: Re: NT8.03 session ID allways characters
Post by: kevin plummer on March 25, 2014, 04:19:27 PM

try to close\re-open your browser. If the cookie already existed with 30 char you will get that result.

Title: Re: NT8.03 session ID allways characters
Post by: Bruce on March 25, 2014, 09:34:32 PM

Kevin is right, you probably need to just close your browser (or try another browser).

However;
>>  if you check use number for session id

don't do that.

>> even if you set it to be 8

don't do that.

weakening the sessionid makes you app more vulnerable to a session fixation attack. Take security seriously - in the long run it's a better idea.

cheers
Bruce