2011/3/18 Mark Thomas <ma...@apache.org>: > On 18/03/2011 14:07, Konstantin Kolinko wrote: >> Just a note: Maybe it is worth to measure the time that the sessionId >> generation takes (looking at the stack trace in [1]) and print some >> warning if org.apache.catalina.util.SessionIdGenerator.getRandomBytes( >> ) >> or >> org.apache.catalina.util.SessionIdGenerator.generateSessionId( ) >> takes too long. I would say that more than 2 seconds would be too >> long. Just saying. > > createSecureRandom() is where you need the logging. > > The log message (at debug level) and the threshold (hard-coded 100ms) > are already there. You have the commit bit and a +1 from me if you want > to change it. >
I understand your point, but the OP's stack trace is inside nextBytes(), not inside createSecureRandom(). It might be that createSecureRandom() also has noticeable delay in these circumstances. I just do not know. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
