I've looked though, what I believe to be, the relevant areas in the MySQL docs as well as standard search engine searches without luck. I was hoping to find some documentation that would tell me:
- how MySQL session Ids are generated (specifically, are they considered "random")
- does MySQL require session ids sent from the client to be server generated (ie the client can't make one up and that is used for the session)
- is there any other relevant security protections or concerns for mysql session management that would be of interest?