You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jeff Poling <je...@cmhcsys.com> on 2004/02/03 17:18:41 UTC
jsession id format?
Is the jsessionid a simple random number, or is there information
encoded into it. For example, on one other application server (non-J2EE),
the client IP address is encoded into the generated sessionID for security
reasons.
*************Jeff Poling, Research and Development, CMHC Systems**************
** For every difficult problem, there is * "A warp core breach is imminent? **
** a solution that is simple, obvious, * This calls for the handyman's **
** and wrong. * secret weapon, duct tape." -- Red**
** * Green, Chief Engineer, USS Voyager*
******************************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: jsession id format?
Posted by Tim Funk <fu...@joedog.org>.
The session id created from tomcat is a random number which is base 64
encoded. No extra information is encoded to session id.
-Tim
Jeff Poling wrote:
> Is the jsessionid a simple random number, or is there information
> encoded into it. For example, on one other application server
> (non-J2EE), the client IP address is encoded into the generated
> sessionID for security reasons.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: jsession id format?
Posted by Michael Mangeng <m1...@inexess.biz>.
Hi Jeff
As far as i know, the sessionid is entirely (pseudo)-random.
greets,
mike
Jeff Poling wrote:
> Is the jsessionid a simple random number, or is there information
> encoded into it. For example, on one other application server
> (non-J2EE), the client IP address is encoded into the generated
> sessionID for security reasons.
>
> *************Jeff Poling, Research and Development, CMHC
> Systems**************
> ** For every difficult problem, there is * "A warp core breach is
> imminent? **
> ** a solution that is simple, obvious, * This calls for the
> handyman's **
> ** and wrong. * secret weapon, duct tape."
> -- Red**
> ** * Green, Chief Engineer, USS
> Voyager*
> ******************************************************************************
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org