> [EMAIL PROTECTED] wrote:
> >digest source might be able to locate the bits just by trying a lot of
> >them. I would expire them after a while just to prevent that from
> >happening by stating that if there is a 15 minute session, new random bits
> >are generated each five minutes.

I missed the start of this thread, but how about generating a new id (or random bits) on every visit: on first connect the client is assigned a session id; on subsequent connects, the previous id is verified and a new id is generated and returned. This makes it even harder to crack.

-- Simon Oliver
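
The per-visit rotation proposed above, as an added Python example that is not part of the original thread. The class and method names, the in-memory store, and the policy of ending the session when an already-rotated id is presented again are assumptions; the 15-minute idle limit is the session length mentioned in the quoted message.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; the 15-minute session from the quoted message


class RotatingSessions:
    """Hypothetical server-side store that issues a fresh id on every visit."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._live = {}      # current id -> (user, last_seen)
        self._retired = {}   # rotated-out id -> the id that replaced it

    def start(self, user):
        sid = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self._live[sid] = (user, self._clock())
        return sid

    def visit(self, presented):
        """Verify the presented id; return (user, new_id) or (None, None)."""
        now = self._clock()
        if presented in self._retired:
            # An id that was already rotated out came back: a lost response
            # or a copied id. Assumed policy: end the whole session.
            self._revoke_chain(presented)
            return None, None
        entry = self._live.pop(presented, None)  # each id is single-use
        if entry is None:
            return None, None                    # unknown or guessed id
        user, last_seen = entry
        if now - last_seen > IDLE_TIMEOUT:
            return None, None                    # idle too long, not renewed
        new_id = secrets.token_urlsafe(32)
        self._live[new_id] = (user, now)
        self._retired[presented] = new_id
        return user, new_id

    def _revoke_chain(self, sid):
        # Follow retired -> replacement links to the live id and drop it.
        while sid in self._retired:
            sid = self._retired.pop(sid)
        self._live.pop(sid, None)
```

Because every id is single-use, parallel requests from one client or a response lost in transit will trip the reuse check, so a real deployment has to decide how much tolerance to allow there.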