tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: Duplicate session IDs are *common*
Date Fri, 10 Jan 2003 20:39:18 GMT
Costin Manolache wrote:
> I find it amazing that 2 people reported beeing hit by meteors (duplicate 
> session ids ) in the same week.  

I find it odd that it actually happened ...

> You're right - a counter is better than time. It'll duplicate the counter
> if tomcat is restarted - so probably the initial value of the counter
> should be random or derived from time.

Yes, since sessions are saved and then reloaded by Tomcat on restart.

Anyway, as far as I am concerned, I don't see any security problem so 
far, so I won't make any security bulletin.

I'll compile the list of changes since 4.1.18 early next week, for maybe 
a new alpha release.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message