views:

115

answers:

0

I am confused with the following sentence(with bold) from Microsoft about Session IDs. It seems to say the obvious, if we reuse a valid Session ID then we do not need to create a new Session ID. Am i missing something? What is reusing in this context? Using the Session ID as an identifier in database or etc is reusing or what?


Therefore, you can reuse session IDs for several reasons. For example, if you reuse session IDs, you do not have to do the following:

Create a new cryptographically unique session ID when you are presented with a valid session ID.

http://support.microsoft.com/?kbid=899918