tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <cmanola...@yahoo.com>
Subject Re: Duplicate session IDs are *common*
Date Fri, 10 Jan 2003 20:20:46 GMT
Eric Rescorla wrote:

> Dirk-Willem van Gulik <dirkx@webweaving.org> writes:
> 
>> > ID provides a statistical probability of collision so low that
>> > there is no need to explicitly check for uniqueness.
>> 
>> Or just add a syncronized i++ to make sure.
> Yes.
> 
> There's nothing wrong with what you propose, but it's sort of
> like saying "maybe I should wear a helmet at all times
> because a meteor might drop on my head". Sure, it could happen,
> btu it's not the thing I'd worry about.

I find it amazing that 2 people reported beeing hit by meteors (duplicate 
session ids ) in the same week.  

You're right - a counter is better than time. It'll duplicate the counter
if tomcat is restarted - so probably the initial value of the counter
should be random or derived from time.


Costin


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message