You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ingo Düppe <ma...@dueppe.com> on 2007/06/25 21:10:10 UTC
Is HttpSession id a GUID
Hello,
is the http session id a global unique id within a tomcat 6.0.13 cluster?
I like to use it as a unique field within the db for user tracking, so
it should be unique within the cluster and time.
Regards
Ingo
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is HttpSession id a GUID
Posted by Ingo Düppe <ma...@dueppe.com>.
Hi Chris,
you are totally right, I didn't saw the solution.
Thx
Ingo
Christopher Schultz schrieb:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ingo,
>
> Ingo Düppe wrote:
>
>> is the http session id a global unique id within a tomcat 6.0.13 cluster?
>>
>
> I think a better question is whether the servlet specification
> guarantees a globally unique session id: it doesn't.
>
> The reason I recommend focusing on the servlet specification is that the
> servlet spec is the only place where you can find rules that all app
> servers must honor. Tomcat (regardless of version) will be required to
> follow those rules. Anything not covered by the servlet specification is
> left up to the implementors of the app server.
>
> If Tomcat decides to change its implementation and you are not careful,
> you might go from a true GUID to something that won't satisfy your
> needs. (Note that I'm pretty sure that Tomcat doesn't guarantee global
> uniqueness of session ids, though it would be foolish for them not to be
> unique throughout the cluster).
>
>
>> I like to use it as a unique field within the db for user tracking, so
>> it should be unique within the cluster and time.
>>
>
> I would recommend using a GUID-generation library that you know will
> always work for you. When a session is created, drop a new GUID into the
> session and use /that/ for your database key.
>
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGgCH19CaO5/Lv0PARAirGAJwLc3XCzkNzwGHhU/ehJQslyAAEeQCggHu2
> /HZT326Lifd1adgRUTl+Vps=
> =umFQ
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is HttpSession id a GUID
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ingo,
Ingo Düppe wrote:
> is the http session id a global unique id within a tomcat 6.0.13 cluster?
I think a better question is whether the servlet specification
guarantees a globally unique session id: it doesn't.
The reason I recommend focusing on the servlet specification is that the
servlet spec is the only place where you can find rules that all app
servers must honor. Tomcat (regardless of version) will be required to
follow those rules. Anything not covered by the servlet specification is
left up to the implementors of the app server.
If Tomcat decides to change its implementation and you are not careful,
you might go from a true GUID to something that won't satisfy your
needs. (Note that I'm pretty sure that Tomcat doesn't guarantee global
uniqueness of session ids, though it would be foolish for them not to be
unique throughout the cluster).
> I like to use it as a unique field within the db for user tracking, so
> it should be unique within the cluster and time.
I would recommend using a GUID-generation library that you know will
always work for you. When a session is created, drop a new GUID into the
session and use /that/ for your database key.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGgCH19CaO5/Lv0PARAirGAJwLc3XCzkNzwGHhU/ehJQslyAAEeQCggHu2
/HZT326Lifd1adgRUTl+Vps=
=umFQ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org