grizzly icon indicating copy to clipboard operation
grizzly copied to clipboard

Published 20 hours ago verified publisher icon eclipse-ee4j

DefaultSessionManager uses predictable java.util.Random instead of java.security.SecureRandom

Open rlking opened this issue 2 years ago • 1 comments

This popped up during an audit. Is there any reason to not use SecureRandom to generate the session id? Could be easily switched.

rlking avatar Dec 21 '22 15:12 rlking

@rlking Can you supply a PR?

mnriem avatar Sep 15 '23 21:09 mnriem