Clarification on Session ID - WeOnlyDo Discussion board

Clarification on Session ID (wodWebServer / wodWebServer.NET)

by Kishore, Wednesday, December 20, 2023, 17:17 (66 days ago)

Team, we are using the WebServer component for a VB6 project.

I have a couple of queries regarding the session management in the WOD Session, which I hope you can help clarify:

I've noticed that session IDs are generated as soon as the web server is initiated. Could you shed some light on the purpose of this? Typically, I would expect the WOD session ID to be created after successful user authentication, and I'm curious to understand the rationale behind the current approach.

Additionally, I observed that session IDs are being reused. Is this the default behavior, and if so, what measures are in place to prevent any associated security risks? I'm keen to ensure that session IDs are unique for each session, especially after user authentication.

Any insights or guidance on these aspects would be greatly appreciated.
Thanks
Kishore

Clarification on Session ID

by Jasmine, Wednesday, December 20, 2023, 17:28 (66 days ago) @ Kishore

Hi.

Session is created first time you add User.Sessions variable, not before that. It has nothing to do with authentication, which is just one usage of it. You can store many other types of information besides authentication.

As for its uniqueness, it should be unique, since it contains time and session ID inside, both are time-frame unique.

Regards,
Jasmine