Does nginx use unique session identifiers

Lemons, Terry Terry.Lemons at
Tue Jul 9 18:40:06 UTC 2019


Our product uses nginx to front-end inbound web access. To enhance our product's security posture, we have been examining the rules in the DISA Web Server Security Requirements Guide<>. One of the rules ( states, "The web server must generate unique session identifiers that cannot be reliably reproduced." I searched the nginx documentation, but wasn't able to confirm that unique session identifiers are used.

Are they?


Terry Lemons

Data Protection Division

176 South Street, MS 2/B-34
Hopkinton MA 01748
terry.lemons at<mailto:terry.lemons at>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2117 bytes
Desc: image001.png
URL: <>

More information about the nginx mailing list