I am using guid as session id for my web application, is it secure

Question

I am using guid as session id for my web application, is it secure.

GUID v4.

In security context, is it safe? If not, what is the reason.

I'm voting to close this question as off-topic because it's more fitting on https://security.stackexchange.com/ — Matt S, May 20 '16 at 14:05

score 0 · Answer 1 · edited May 23 '17 at 10:30

0

I found this How are .NET 4 GUIDs generated?. It seems this is vulnerable for collision attacks such as the birthday attack.

edited May 23 '17 at 10:30

Community

1
1

answered May 20 '16 at 12:20

SureshAtt

1,891
2
17
22

score 0 · Answer 2 · answered Jun 15 '16 at 18:19

Guids are guaranted to be unique. But they are not random. If you generate many guids quickly, you'll see that some of the digits repeat. It's not as secure as a cryptographic random number, but more secure than an integer (especially a database auto-number integer).

I am using guid as session id for my web application, is it secure

2 Answers2