Increase the randomness and size of the sessionId (newId()) #1391
Comments
|
After lots of investigation the issue one issue that was identified for randomness calculations is that Math.random() does not provide a good distribution (especially over multiple days) for IE 6, 7, 8 (especially on XP). So as part of "fixing" this issue we will use a local javascript pseudo random number generator using the Mwc (Multiple With Carry) algorithm for IE only, all other browsers will continue to use the window.crypto.getRandomValues() or Math.random() as part of the call to CoreUtils.random32(). |
MSNev
pushed a commit
that referenced
this issue
Sep 30, 2020
MSNev
pushed a commit
that referenced
this issue
Sep 30, 2020
MSNev
pushed a commit
that referenced
this issue
Sep 30, 2020
MSNev
added a commit
that referenced
this issue
Sep 30, 2020
|
Closing as 2.5.9 is now completely deployed to NPM and all CDN endpoints |
|
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
For large customers using older or hosted browser instances they are seeing the same value being returned more than once within for the same PC over multiple days.
We need to update the length of the sessionId and use better randomness for the sessionId by default.
While also supporting a configuration to enable users to keep the existing length, so if their backend systems can't handle the increase in length they can configure it back to the current size.
The text was updated successfully, but these errors were encountered: