Our security checklist for our system requires the following:
Generating session IDs that are at least 128 bits (16 bytes) in length will cause an attacker to take a large amount of time and resources to guess, reducing the likelihood of an attacker guessing a session ID.
I can see on the "User Sessions" screen that each session is given a session ID that appears to be 7 characters in length, but that is all I can see for the session ID. Does Jira fit this requirement? Is there a way to make Jira give a longer session ID? Is this something that I cannot change and just have to express to my security department that it is what it is?