tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cristian Southall" <>
Subject session IDs
Date Tue, 15 Aug 2000 06:29:30 GMT

My organisation is currently moving from an Oracle App Server environment to Tomcat. It would
be nice to leverage Tomcat's convenient session management features but I have to convince
my colleagues that the session IDs Tomcat issues are as 'secure' as those we currently build.

I understand that the security of a session ID - given that it does not actually encode any
information (that I know of) - is simply how difficult it would be to anticipate or recreate
the string Tomcat issues but I cannot find any info on how Tomcat arrives at the values offered
as session IDs. 

I would greatly appreciate it if someone could point me towards some relevant documentation/resources
on this matter.

Thanks very much,

HP JDV Ltd, its Directors and Associates declare that they from time to time hold interests
in/and or earn brokerage, fees or other benefits mentioned in documents to clients.
Any securities recommendation contained in this document is unsolicited general information
only. Do not act on a recommendation without first consulting your investment advisor to determine
whether the recommendation is appropriate for your investment objectives, financial situation
and particular needs.
HP JDV Ltd believes that any information or advice (including any securities recommendation)
contained in this document is accurate when issued. However, HP JDV Ltd does not warrant its
accuracy or reliability. HP JDV Ltd, its officers, agents and employees exclude all liability
whatsoever, in negligence or otherwise, for any loss or damage relating to this document to
the full extent permitted by law.

View raw message