EAServer provides an autogenerated HTTP session ID. In versions earlier than 5.x, the encryption key strength of an HTTP session ID is 64-bit. The 64-bit session identifier does not provide a secured HTTP session.
In EAServer 6.2, the algorithm increases the strength of encryption for a HTTP session ID to 128-bit. The default length of the HTTP session ID is 64-bit. Use the Web Management Console to modify the length to a multiple of 8 between 64 and 2048.
See the EAServer 6.0 Security Administration and Programming Guide.
