  #102

BUG (?): Session ID entropy and ASP.NET

    • Status: New
    • Priority: Normal (3)
    • Component: -
    I haven't yet evaluated the bit-coverage of the collected sample.

    According to Microsoft in http://msdn.microsoft.com/en-us/library/aa479041.aspx

    "Each active ASP.NET session is identified using a 120-bit string made only of URL-allowed characters. The session ID is generated using the Random Number Generator (RNG) cryptographic provider. The service provider returns a sequence of 15 randomly generated numbers (15 bytes x 8 bit = 120 bits). The array of random numbers is then mapped to valid URL characters and returned as a string."

    Grendel (from demo.testfire.net)

    The cookie named ASP.NET_SessionId appears to be used to track session state. Approximately 49 bits of random data were observed. A minimum of 128 is generally recommended.

    The following transactions were used for the test:
    [omitted]

    The following cookieJar were received during testing:
    20upx4juvf4ish55fokcjaj3
    qhpf2lbtgjzjcl55dd3jcobu
    j1f4ku45knpos455rrg2dg45
    utb2uqzq5c4sgyneahp1unjn
    ty3fvf45jpv4jh4530mnku45
    d0r3oe35g2cofi45sp2moun4
    ifli1faz4h5xiz55oetuto55
    lwmnhw2vkiq2sj55m34er155
    zob1exqyd32map45zf5u2nfn
    2iwwqzvgj2math55yrjjan55
    da3uezbjxcody155f4eggsry
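
Added example, not part of the ticket and not Grendel's own estimator: a per-position Shannon entropy estimate over the sample above, compared with the 120-bit design figure and with the most any estimate of this kind can report from 11 tokens. The 32-symbol alphabet (5 bits per character) is an assumption inferred from 120 bits spread over 24 characters; the function names are hypothetical.

```python
import math
from collections import Counter

# ASP.NET_SessionId values copied from the ticket's sample.
SAMPLE = [
    "20upx4juvf4ish55fokcjaj3", "qhpf2lbtgjzjcl55dd3jcobu",
    "j1f4ku45knpos455rrg2dg45", "utb2uqzq5c4sgyneahp1unjn",
    "ty3fvf45jpv4jh4530mnku45", "d0r3oe35g2cofi45sp2moun4",
    "ifli1faz4h5xiz55oetuto55", "lwmnhw2vkiq2sj55m34er155",
    "zob1exqyd32map45zf5u2nfn", "2iwwqzvgj2math55yrjjan55",
    "da3uezbjxcody155f4eggsry",
]

def capacity_bits(tokens, alphabet_size=32):
    """Bits the token could carry if every character were uniform.
    alphabet_size=32 is an assumption (120 bits / 24 characters = 5 bits)."""
    return len(tokens[0]) * math.log2(alphabet_size)

def column_entropies(tokens):
    """Shannon entropy (bits) of the characters seen at each position."""
    result = []
    for column in zip(*tokens):
        n = len(column)
        counts = Counter(column).values()
        result.append(-sum(c / n * math.log2(c / n) for c in counts))
    return result

def sample_ceiling_bits(tokens):
    """Largest total a per-position estimate can reach for this sample size:
    n samples show at most n distinct values per column, i.e. log2(n) bits."""
    return len(tokens[0]) * math.log2(len(tokens))

def report(tokens):
    cols = column_entropies(tokens)
    return {
        "capacity": capacity_bits(tokens),
        "ceiling": sample_ceiling_bits(tokens),
        "observed": sum(cols),
        # 0-based index of the position with the least variation in the sample
        "weakest_column": min(range(len(cols)), key=cols.__getitem__),
    }

if __name__ == "__main__":
    for key, value in report(SAMPLE).items():
        print(f"{key}: {value}")
```

With 11 tokens each column can show at most log2(11) ≈ 3.46 bits, so an estimate of this kind tops out near 83 bits however the IDs were generated; a larger sample is needed before a low figure says anything about the generator.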
  • Followers
     
    byrnedr (Assigned To), eduprey
     
    Attachments
    No attachments
    Associations
     
    No associations
    Activity
     

          on Jul 26, 2008 @ 07:59PM UTC * By eduprey

    Description changed from I haven't yet evaluated the... to I haven't yet evaluated the...

          on Aug 11, 2008 @ 04:59PM UTC * By byrnedr

    Milestone changed from Ready for DC/BH - 1.0 to Version 1.1

          on Aug 11, 2008 @ 05:08PM UTC * By byrnedr

    Milestone changed from Version 1.1 to Bug fixes and minor changes