Google Interview Question

Describe the process (including some code) on how to create a user identifier that could be passed between websites, that could not be spoofed or easily stolen

Interview Answer

Anonymous

May 9, 2009

Use a HMAC hash to generate your session ID. Use public key encryption to ensure that the key cannot be listened in on. Include an incrementing sequence number in the session ID to prevent replay attacks.