Thank you for the great explanation.
- Eric
David Delbecq wrote:
By default, the manager generates 16 hexadecimal characters session
identifiers. Those are generated by taking the first 16 characters of
the md5 sum of a random byte[16]. If we assume (that might be a bit
wrong) that all md5 sums are equiprobables, that means in the end that
your session id is a 64bits random number.
So that would mean that odds 2 session ids, over 30.000 sessions be same is
30.000/2^64 ~= 1.6263E-15
However, you can still configure
1) the Algorithm to use (if md5 digest does not fits your needs)
2) the sessionIdLength you want to have on session id (eg 32 instead of 16)
3) as explained add a 'jvmroute' (because inside one manager checks are
made that a session id is not yet used)
If you extends session id key to length 24 (96 bits sessions
identifier), you have
30.000/2^96 ~= 3.7865E-25
full process details:
http://svn.apache.org/repos/asf/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/session/ManagerBase.java
En l'instant précis du 01/17/07 15:44, Eric Waite s'exprimait dans toute
sa noblesse:
Very very small may be acceptable, what do you mean by very very
small...?
Would 30,000 unique sessions across 3 servers.... have a potential issue?
Thanks.
Eric
Filip Hanik - Dev Lists wrote:
while there is a risk for duplicate sessions being generated, we
believe it to be very very small.
What you can do is set jvmRoute in the <Engine> element to be unique
for each one, that makes it less likely to be duplicate.
Or you can come up with a better random algorithm, take a look at
org.apache.catalina.session.StandardManager
Filip
Eric Waite wrote:
This has been addresses before I am sure, but I do not know where to
find the answer.
I have 3 Tomcat servers sitting behind a load balancer using sticky
sessions.
I do not have session replication working yet, the tomcats are
standalone.
How do I prevent and what are the chances that a duplicate session
id is generated?
Thanks in advance.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Eric Waite
[EMAIL PROTECTED]
Taylor Associates
Phone: (631) 549-3000
Fax: (631) 549-3156
1-800-732-3758 Ex 317
Http://www.readingplus.com
Need Help, Visit our support website: http://www.readingplus.com/support/
Learn how to use Reading Plus http://www.readingplus.com/help/
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
