Under Review

Use MacOS Hardware UUID for Control Session ID

Alex Hart 5 years ago updated by Caitlin M Barnes (Product Manager) 5 years ago 1

I'd like to request that both with when a session ID is generated at runtime (derived from mac address in the a absence of s= value in ClientLaunchParameters.txt with a custom install), and when using provided installers that injects a value in that file, that the session ID be equal to the hardware UUID. As reported in  Service Ticket#11461647, it is possible for the session ID generated from mac address to be the same across machines. When this isn't unique, suddenly people are unexpectedly connected to the wrong computer or can't connect to the computer they need since it only shows one of the computers with overlapping IDs at a time. This is embarrassing and a security risk. Anyway, regardless of the issues that come from overlapping session IDs when the session ID isn't stored in the ClientLaunchParameters.txt access client configuration, the other issue is if you re-install an access agent, the session id changes and you end up with a mess of duplicate session entries in the admin panel. One place the unique hardware UUID can be found is using `/usr/sbin/system_profiler -detailLevel basic`. I can't think of a good argument against using this value.