Hold your Session: An Attack on Java Session-ID Generation

HTTP session-ids play an important role in almost every web site today. This paper presents a cryptanalysis of the Java Servlet 128-bit session-id and an efficient, practical prediction algorithm. Using this attack, an adversary may impersonate a legitimate client. Through the analysis we also present a novel, general space-time tradeoff for attacks on secure pseudo-random number generators.