This week's book giveaway is in the Big Data forum.
We're giving away four copies of Elasticsearch in Action and have Radu Gheorghe & Matthew Lee Hinman on-line!
See this thread for details.
The moose likes Tomcat and the fly likes How are session IDs generated? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Elasticsearch in Action this week in the Big Data forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "How are session IDs generated?" Watch "How are session IDs generated?" New topic

How are session IDs generated?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42954
I assume they are a hash of something, but does anyone know more about the algorithm? Like which pieces of information go into the hash, and within which timeframe IDs could conveivably collide? Any links are appreciated as well.

William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 12889
Why not look at the Tomcat source code?
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42954
I know, the source is my friend. But I was hoping that someone had more insight, or had done the source-spelunking already.

Edited later: The session ID is a 16 byte random number, run thorough a digest (MD5 by default), and then converted to Hex.
[ August 01, 2005: Message edited by: Ulf Dittmer ]
jQuery in Action, 2nd edition
subject: How are session IDs generated?