Forum Discussion
John_Alam_45640
Apr 29, 2015Historic F5 Account
Making a guess here, I would say most likely not. The APM uses a session ID that is very long to make it very hard to guess. If you were able to locate the same session by only using 8 characters, it would mean that the rest are insignificant and an attacker can hijack the session much easier.
HTH.
- brad_11480Jun 06, 2017Nimbostratus
well, I just realized that the first 24 characters can be anything-- it only looks and uses the last 8 even though it requires it to be 24.. I just put 'x' and 'z' for the first 24 and it is just fine.