You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jeff Poling <je...@cmhcsys.com> on 2004/02/03 17:18:41 UTC

jsession id format?

    Is the jsessionid a simple random number, or is there information 
encoded into it.  For example, on one other application server (non-J2EE), 
the client IP address is encoded into the generated sessionID for security 
reasons.

*************Jeff Poling, Research and Development, CMHC Systems**************
** For every difficult problem, there is * "A warp core breach is imminent? **
** a solution that is simple, obvious,   * This calls for the handyman's    **
** and wrong.                            * secret weapon, duct tape." -- Red**
**                                       * Green, Chief Engineer, USS Voyager*
******************************************************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: jsession id format?

Posted by Tim Funk <fu...@joedog.org>.

The session id created from tomcat is a random number which is base 64 
encoded. No extra information is encoded to session id.

-Tim

Jeff Poling wrote:

>    Is the jsessionid a simple random number, or is there information 
> encoded into it.  For example, on one other application server 
> (non-J2EE), the client IP address is encoded into the generated 
> sessionID for security reasons.
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: jsession id format?

Posted by Michael Mangeng <m1...@inexess.biz>.

Hi Jeff

As far as i know, the sessionid is entirely (pseudo)-random.

greets,
mike

Jeff Poling wrote:

>    Is the jsessionid a simple random number, or is there information 
> encoded into it.  For example, on one other application server 
> (non-J2EE), the client IP address is encoded into the generated 
> sessionID for security reasons.
>
> *************Jeff Poling, Research and Development, CMHC 
> Systems**************
> ** For every difficult problem, there is * "A warp core breach is 
> imminent? **
> ** a solution that is simple, obvious,   * This calls for the 
> handyman's    **
> ** and wrong.                            * secret weapon, duct tape." 
> -- Red**
> **                                       * Green, Chief Engineer, USS 
> Voyager*
> ****************************************************************************** 
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org