You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Sasha Haghani <sh...@activience.com> on 2001/08/01 23:29:43 UTC

URL Rewriting Session ID Length in Tomcat

Hi there,

Does anyone know what the maximum length of the session ID value is when
using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
appended to the end of the URL) with the Tomcat 3.x
and 4.0 servlet containers?

Does the length vary or is it fixed?  And does Tomcat encode server or
failover information into the ID?  WebLogic for instance, encodes the
primary and secondary failover servers into the ID when running in a
cluster)?

And finally, is there any way to restrict or specify the maximum length of
the session ID?

I ask this due to a limitation with some WAP clients & gateways which
prevents the URL from exceeding 128 characters.

Any info on this issue from the Tomcat team or anyone else is much
appreciated.

<background-info>
Please see the following links if you'd like some additional background:

http://e-docs.bea.com/wls/docs60/////wap/wapdev.html#1024984
under the heading "Session Tracking" at the bottom

http://groups.google.com/groups?hl=en&safe=off&th=eb7f38aa5086972e,13&seekm=
8gaki8%247d5%241%40newsgroups.bea.com#p
</background-info>

Regards,
Sasha Haghani

Re: URL Rewriting Session ID Length in Tomcat

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Wed, 1 Aug 2001, Sasha Haghani wrote:

> Hi there,
> 
> Does anyone know what the maximum length of the session ID value is when
> using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
> appended to the end of the URL) with the Tomcat 3.x
> and 4.0 servlet containers?
> 

No rules or restrictions on the session id are included in the servlet
spec, so a portable application can make no assumptions.  The only rule is
that a path parameter (i.e. after a ";") must be used, and it must be
named "jsessionid".

*At present*, Tomcat 4 uses a fixed length session id of 32 characters.

> Does the length vary or is it fixed?  And does Tomcat encode server or
> failover information into the ID?  WebLogic for instance, encodes the
> primary and secondary failover servers into the ID when running in a
> cluster)?
> 

That's up to the connector implementation.  For example, IIRC the mod_jk
connector appends a server identifier to use in load balancing to the
session id that Tomcat generates.

> And finally, is there any way to restrict or specify the maximum length of
> the session ID?
> 
> I ask this due to a limitation with some WAP clients & gateways which
> prevents the URL from exceeding 128 characters.
> 
> Any info on this issue from the Tomcat team or anyone else is much
> appreciated.

There's nothing portable that can help you with this, although current
practice is a fixed-length id.

> 
> <background-info>
> Please see the following links if you'd like some additional background:
> 
> http://e-docs.bea.com/wls/docs60/////wap/wapdev.html#1024984
> under the heading "Session Tracking" at the bottom
> 
> http://groups.google.com/groups?hl=en&safe=off&th=eb7f38aa5086972e,13&seekm=
> 8gaki8%247d5%241%40newsgroups.bea.com#p
> </background-info>
> 
> Regards,
> Sasha Haghani
> 
> 

Craig McClanahan