specify that session ID should be cryptographically safe
Opened this issue · 0 comments
ryanthompson591 commented
There is a chance that if session IDs are chosen poorly, they can be vulnerable to brute-force attacks. We should use window.crypto in the sample code and we should specify in the spec that we should use crypto safe randomly generated numbers.
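An added example of the change the issue asks for (not code from the project or its spec): a session ID drawn from the Web Crypto CSPRNG, shown beside a `Math.random()` version for contrast. The function names, the hex encoding, and the 128-bit minimum are assumptions made for this example.

```javascript
// Added example. All names and the 128-bit floor are assumptions, not from the spec.
// Browsers expose window.crypto; recent Node exposes the same API as globalThis.crypto.
const cryptoApi =
  globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const MIN_BYTES = 16; // assumed floor: 128 bits of randomness per session ID

// For contrast only: Math.random() is not a CSPRNG, so its output
// must not be treated as unguessable.
function weakSessionId() {
  return Math.floor(Math.random() * Number.MAX_SAFE_INTEGER).toString(16);
}

// Session ID built from the platform CSPRNG via getRandomValues().
function generateSessionId(byteLength = MIN_BYTES) {
  if (!Number.isInteger(byteLength) || byteLength < MIN_BYTES) {
    throw new RangeError(`session ID needs at least ${MIN_BYTES} random bytes`);
  }
  if (!cryptoApi || typeof cryptoApi.getRandomValues !== "function") {
    // Fail closed rather than silently falling back to Math.random().
    throw new Error("no cryptographically secure random source available");
  }
  const bytes = cryptoApi.getRandomValues(new Uint8Array(byteLength));
  // Hex keeps every byte as-is: no modulo or float conversion that could bias output.
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Approximate average number of guesses before hitting any one of
// `liveSessions` valid IDs when each ID carries `entropyBits` random bits.
function expectedGuesses(entropyBits, liveSessions = 1) {
  return 2 ** entropyBits / (2 * liveSessions);
}
```

`expectedGuesses` gives a spec author a way to compare ID sizes: a 32-bit ID with 1000 live sessions falls in about two million guesses on average, while a 128-bit ID stays out of reach.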