The session ID variables in my endpoint are predictable and it shows vulnerability "Insufficient Session ID Entropy" in the scan result. I would like to ask if these variables can be modified?
Also, the suggested fix is to ensure that the session ID must be properly generated by using a cryptographically secure pseudorandom number generator (PRNG). Can you suggest how to apply this fix if this is feasible? Or is there any other way to remediate the vulnerability?
