Session steganography idea

Quick idea I had the other day. Session ID tokens are typically short strings of seemingly random characters. While they don’t typically change all that much during a session, it’s good practice to change the session ID every so often to help prevent against security attacks. If someone was to periodically change the session ID, and hide a short message in the ID values such that, when strung together, the message could be extracted, would that be a useful way of transmitting data in a hidden manner? I’m not sure of how much info you could reasonably hide in a series of short session IDs, but it seems like this would be possible.

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

Web Developer Freelancing Handbook

Leave a Reply