tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: URL Rewriting Session ID Length in Tomcat
Date Thu, 02 Aug 2001 02:50:27 GMT

On Wed, 1 Aug 2001, Sasha Haghani wrote:

> Hi there,
> Does anyone know what the maximum length of the session ID value is when
> using URL rewriting/encoding for session tracking (i.e.: ";jessionid=1234"
> appended to the end of the URL) with the Tomcat 3.x
> and 4.0 servlet containers?

No rules or restrictions on the session id are included in the servlet
spec, so a portable application can make no assumptions.  The only rule is
that a path parameter (i.e. after a ";") must be used, and it must be
named "jsessionid".

*At present*, Tomcat 4 uses a fixed length session id of 32 characters.

> Does the length vary or is it fixed?  And does Tomcat encode server or
> failover information into the ID?  WebLogic for instance, encodes the
> primary and secondary failover servers into the ID when running in a
> cluster)?

That's up to the connector implementation.  For example, IIRC the mod_jk
connector appends a server identifier to use in load balancing to the
session id that Tomcat generates.

> And finally, is there any way to restrict or specify the maximum length of
> the session ID?
> I ask this due to a limitation with some WAP clients & gateways which
> prevents the URL from exceeding 128 characters.
> Any info on this issue from the Tomcat team or anyone else is much
> appreciated.

There's nothing portable that can help you with this, although current
practice is a fixed-length id.

> <background-info>
> Please see the following links if you'd like some additional background:
> under the heading "Session Tracking" at the bottom
> </background-info>
> Regards,
> Sasha Haghani

Craig McClanahan

View raw message