On Wed, 1 Aug 2001, Sasha Haghani wrote:
> Hi there,
>
> Does anyone know what the maximum length of the session ID value is when
> using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
> appended to the end of the URL) with the Tomcat 3.x
> and 4.0 servlet containers?
>
No rules or restrictions on the session id are included in the servlet
spec, so a portable application can make no assumptions. The only rule is
that a path parameter (i.e. after a ";") must be used, and it must be
named "jsessionid".
*At present*, Tomcat 4 uses a fixed length session id of 32 characters.
> Does the length vary or is it fixed? And does Tomcat encode server or
> failover information into the ID? WebLogic for instance, encodes the
> primary and secondary failover servers into the ID when running in a
> cluster)?
>
That's up to the connector implementation. For example, IIRC the mod_jk
connector appends a server identifier to use in load balancing to the
session id that Tomcat generates.
> And finally, is there any way to restrict or specify the maximum length of
> the session ID?
>
> I ask this due to a limitation with some WAP clients & gateways which
> prevents the URL from exceeding 128 characters.
>
> Any info on this issue from the Tomcat team or anyone else is much
> appreciated.
There's nothing portable that can help you with this, although current
practice is a fixed-length id.
>
> <background-info>
> Please see the following links if you'd like some additional background:
>
> http://e-docs.bea.com/wls/docs60/////wap/wapdev.html#1024984
> under the heading "Session Tracking" at the bottom
>
> http://groups.google.com/groups?hl=en&safe=off&th=eb7f38aa5086972e,13&seekm=
> 8gaki8%247d5%241%40newsgroups.bea.com#p
> </background-info>
>
> Regards,
> Sasha Haghani
>
>
Craig McClanahan
