Mongryong <Mongryong at sympatico.ca> writes: > Even with a 'randomly' generated session key, a malicious user can still > steal the session key of a active user. How?