Author Topic: ► Deleting Session ID cookie may help protect your account  (Read 1749 times)


Gamefandans has been used quite regularly though
1 every month is that frequent.

in theory since there is such an abundance of sessions someone could just generate random sessions until they ended up with the same session as someone else and since according to this sessions last 6 years the chances of running into a session is very slim but not impossible

They are hijacking accounts that haven't been used in over 2 years.

How the hell are they getting passwords from an inactive account?
The cookie doesn't expire for 6+ years

Is the risk of hijacks still here?

in theory since there is such an abundance of sessions someone could just generate random sessions until they ended up with the same session as someone else and since according to this sessions last 6 years the chances of running into a session is very slim but not impossible
Nah this definitely isn't how it was done

So there are only 98,843 users as of this post, most of 'em don't even have a key attached but let's say they did
The session ID is 26 characters long and can have lowercase letters and numbers, which totals up to 36 unique characters. This means there's 36^26 (or 2.9 * 10^40) possible session IDs.

Now every time you guess a random session ID, you have a 98,843/36^26 chance of getting one right.
Now we can talk about how many guesses (represented by the variable n) before they have say, a 50% chance of getting one right.
Probability that you get one right = 1 - Probability that you get none right = 1 - (1 - 98,843/36^26)^n

1 - (1 - 98,843/36^26)^n = 1/2
(1 - 98,843/36^26)^n = 1/2
Take the logarithm of both sides, round up and you get...
204053741677886288844196855609367116 (2 * 10^35) guesses before they have a 50% chance of getting even one right.

That's a lot more guesses than is even possible.
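
The estimate in the post above, worked through as an added example (not part of the original thread). It generalizes the calculation to any alphabet size, ID length and number of live sessions; the function names and the guess rate of one billion per second are assumptions made for illustration.

```python
import math

# Figures taken from the post above.
ALPHABET = 36             # lowercase letters + digits
LENGTH = 26               # characters in the session ID
ACTIVE_SESSIONS = 98_843  # worst case: every registered user has a live session

# Assumption for illustration only; the thread gives no guess rate.
ASSUMED_GUESSES_PER_SECOND = 1e9


def keyspace(alphabet: int, length: int) -> int:
    """Number of possible session IDs (exact integer)."""
    return alphabet ** length


def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random ID, in bits."""
    return length * math.log2(alphabet)


def guesses_for_probability(valid: int, space: int, target: float = 0.5) -> int:
    """Smallest n such that 1 - (1 - valid/space)^n >= target."""
    p = valid / space
    # 1 - p rounds to exactly 1.0 in a float when p is around 1e-36, so
    # math.log(1 - p) would be 0.0 and the division would fail.
    # log1p(-p) computes log(1 - p) without that loss of precision.
    return math.ceil(math.log(1 - target) / math.log1p(-p))


def years_to_guess(n: int, guesses_per_second: float) -> float:
    """Wall-clock years needed to make n guesses at a constant rate."""
    return n / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    space = keyspace(ALPHABET, LENGTH)
    n = guesses_for_probability(ACTIVE_SESSIONS, space)
    print(f"keyspace: {space:.3e} IDs ({entropy_bits(ALPHABET, LENGTH):.1f} bits)")
    print(f"guesses for a 50% chance of one hit: {n:.3e}")
    print(f"years at the assumed rate: {years_to_guess(n, ASSUMED_GUESSES_PER_SECOND):.3e}")
```
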