Clarification on Session ID (wodWebServer / wodWebServer.NET)
Team, we are using the WebServer component for a VB6 project.
I have a couple of queries regarding the session management in the WOD Session, which I hope you can help clarify:
I've noticed that session IDs are generated as soon as the web server is initiated. Could you shed some light on the purpose of this? Typically, I would expect the WOD session ID to be created after successful user authentication, and I'm curious to understand the rationale behind the current approach.
Additionally, I observed that session IDs are being reused. Is this the default behavior, and if so, what measures are in place to prevent any associated security risks? I'm keen to ensure that session IDs are unique for each session, especially after user authentication.
Any insights or guidance on these aspects would be greatly appreciated.