tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aditya <adi...@grot.org>
Subject Re: Duplicate session IDs are *common*
Date Thu, 09 Jan 2003 06:36:58 GMT
> On Wed, 08 Jan 2003 19:37:28 -0800, Costin Manolache <cmanolache@yahoo.com> said:
> The default is java.security.SecureRandom - and should give enough
> randomness. There is a change on head ( that would work with 5.0 -
> but it can be backported ) that allow you to use /dev/urandom ( or
> another source - it can be a pipe or something like that ).

what about "hashing" the random part with System.currentTimeMillis()
so that even the vanishingly small probability of a collision is
avoided?  Or would that be too expensive?

Adi

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message