Jan Felix Reuter wrote: > Now I'm concerned about security, because with this sheme an attacker could > easily get access to a user's session by just guessing its ID. Use a larger random session ID. 64 bits should be enough for most situations. Neil