commons-user mailing list archives

From Phil Steitz
Subject Re: [id] UUID Version 4
Date Sat, 01 May 2004 14:36:44 GMT

Sorry for the latency.  I have been on the road.  See below.

> Yes, all I really want is uniqueness, but again SessionIdGenerator implies
> for me, that uniqueness is only guaranteed during a session, i.e.
> restarting the application may produce id collisions?

The SessionIdGenerator should be OK for your use case, if I understand it 
correctly, unless application runs start at exactly the same system time 
(by resetting the system clock).  Have a look at the code here:

to see exactly what it does, but basically the ids generated by this 
generator are made up of 6 random characters, followed by 3 characters 
based on system time, plus 1+ count characters to ensure that they plus 
the 3 time characters are unique (in case ids are generated faster than 
clock resolution).  The random characters are generated using a Random 
which is a (non-static) instance variable, initialized using the default 
(system time) seed.

Therefore, if two application runs start at precisely the same system 
clock time and each uses a singleton SessionIdGenerator to generate ids, 
generated ids could in theory collide; but if you don't mess with the 
system clock between subsequent runs, uniqueness should be preserved 
across runs.

Another factor to consider here is whether or not / how much you care if 
the generated ids can be spoofed.  Neither SessionIdGenerator nor the 
version 4 UUID is particularly secure from this standpoint (i.e., 
preventing a hacker from generating a valid identifier based on observed 
identifier values). The SecureRandom version of the version 4 UUID is 
better; but neither is as good as, e.g., what Tomcat does

A "secure" package of secure random or signed identifier generators would 
make a good addition to [id].  As always, contributions are welcome :-)


> Regards,
> Jörg
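The following is an added illustration, not code from [id], Tomcat, or the original message. It shows why a time-seeded `Random` gives the collision case described above (two runs starting at the same clock value) while `SecureRandom` does not. `modelId` is a hypothetical, simplified model of the 6 random + 3 time + counter layout; the class name, alphabet, and clock value are assumptions.

```java
import java.security.SecureRandom;
import java.util.Random;

public class IdPredictabilityDemo {
    private static final String ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz";

    // Hypothetical model of the layout described in the message:
    // 6 random characters, 3 time-based characters, then a counter.
    static String modelId(Random rng, long timeMillis, int count) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 6; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        String time = Long.toString(timeMillis, 36);
        sb.append(time.substring(time.length() - 3)); // low-order time digits
        sb.append(Integer.toString(count, 36));
        return sb.toString();
    }

    // Alternative: 128 bits drawn from SecureRandom, hex encoded.
    // Nothing in the id derives from the clock or a counter.
    static String secureId(SecureRandom rng) {
        byte[] buf = new byte[16];
        rng.nextBytes(buf);
        StringBuilder sb = new StringBuilder(32);
        for (byte b : buf) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long startTime = 1083422204000L; // constructed sample clock value

        // Two "application runs" that start at the same clock value and
        // seed their Random from it, as in the case the message describes.
        String runA = modelId(new Random(startTime), startTime, 0);
        String runB = modelId(new Random(startTime), startTime, 0);
        System.out.println("time-seeded run A: " + runA);
        System.out.println("time-seeded run B: " + runB);
        System.out.println("collision: " + runA.equals(runB)); // true

        // Separate SecureRandom instances are seeded from OS entropy.
        String secA = secureId(new SecureRandom());
        String secB = secureId(new SecureRandom());
        System.out.println("secure A: " + secA);
        System.out.println("secure B: " + secB);
        System.out.println("collision: " + secA.equals(secB)); // false
    }
}
```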