-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase the randomness and size of the sessionId (newId()) #1391
Comments
After lots of investigation the issue one issue that was identified for randomness calculations is that Math.random() does not provide a good distribution (especially over multiple days) for IE 6, 7, 8 (especially on XP). So as part of "fixing" this issue we will use a local javascript pseudo random number generator using the Mwc (Multiple With Carry) algorithm for IE only, all other browsers will continue to use the window.crypto.getRandomValues() or Math.random() as part of the call to CoreUtils.random32(). |
Closing as 2.5.9 is now completely deployed to NPM and all CDN endpoints |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
For large customers using older or hosted browser instances they are seeing the same value being returned more than once within for the same PC over multiple days.
We need to update the length of the sessionId and use better randomness for the sessionId by default.
While also supporting a configuration to enable users to keep the existing length, so if their backend systems can't handle the increase in length they can configure it back to the current size.
The text was updated successfully, but these errors were encountered: