Generating Session IDs
In this lesson, we'll see how secure session IDs are generated.
Using incremental session IDs is a bad choice
It should go without saying, but your session IDs (often stored in cookies) should not resemble a known pattern or be generally guessable. Using an auto-incrementing sequence of integers as IDs would be a terrible choice, as an attacker could just log in, receive the session ID ...
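The contrast between a guessable and an unguessable ID scheme, as an added example that is not part of the original lesson. The class and function names are hypothetical, and Python's standard `secrets` module is assumed as the source of cryptographically secure randomness. `looks_sequential` is an audit check a defender can run over a sample of issued IDs.

```python
import secrets


class CounterSessionIDs:
    """Weak: auto-incrementing integers, the pattern the lesson warns against."""

    def __init__(self, start=1000):  # start value is constructed for the demo
        self._next = start

    def new_id(self):
        sid = str(self._next)
        self._next += 1
        return sid


class RandomSessionIDs:
    """Hardened: 32 bytes (256 bits) from the OS CSPRNG, URL-safe encoded."""

    def new_id(self):
        return secrets.token_urlsafe(32)


def looks_sequential(ids):
    """Audit check over a sample of issued IDs.

    Returns True when every ID is a plain ASCII integer and consecutive IDs
    differ by one constant step, meaning the next ID can be computed from
    the ones already seen.
    """
    if len(ids) < 3:
        return False  # too few samples to establish a pattern
    if not all(i.isascii() and i.isdigit() for i in ids):
        return False
    nums = [int(i) for i in ids]
    steps = {b - a for a, b in zip(nums, nums[1:])}
    return len(steps) == 1


def sample_ids(generator, count=5):
    """Issue `count` IDs from a generator, as a server would across logins."""
    return [generator.new_id() for _ in range(count)]


if __name__ == "__main__":
    for gen in (CounterSessionIDs(), RandomSessionIDs()):
        ids = sample_ids(gen)
        print(type(gen).__name__, ids[:2], "sequential:", looks_sequential(ids))
```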