tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <>
Subject Re: Duplicate session IDs are *common*
Date Fri, 10 Jan 2003 20:20:46 GMT
Eric Rescorla wrote:

> Dirk-Willem van Gulik <> writes:
>> > ID provides a statistical probability of collision so low that
>> > there is no need to explicitly check for uniqueness.
>> Or just add a syncronized i++ to make sure.
> Yes.
> There's nothing wrong with what you propose, but it's sort of
> like saying "maybe I should wear a helmet at all times
> because a meteor might drop on my head". Sure, it could happen,
> btu it's not the thing I'd worry about.

I find it amazing that 2 people reported beeing hit by meteors (duplicate 
session ids ) in the same week.  

You're right - a counter is better than time. It'll duplicate the counter
if tomcat is restarted - so probably the initial value of the counter
should be random or derived from time.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message