tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ingo Düppe <>
Subject Re: Is HttpSession id a GUID
Date Mon, 25 Jun 2007 21:33:05 GMT
Hi Chris,
you are totally right, I didn't saw the solution.


Christopher Schultz schrieb:
> Hash: SHA1
> Ingo,
> Ingo Düppe wrote:
>> is the http session id a global unique id within a tomcat 6.0.13 cluster?
> I think a better question is whether the servlet specification
> guarantees a globally unique session id: it doesn't.
> The reason I recommend focusing on the servlet specification is that the
> servlet spec is the only place where you can find rules that all app
> servers must honor. Tomcat (regardless of version) will be required to
> follow those rules. Anything not covered by the servlet specification is
> left up to the implementors of the app server.
> If Tomcat decides to change its implementation and you are not careful,
> you might go from a true GUID to something that won't satisfy your
> needs. (Note that I'm pretty sure that Tomcat doesn't guarantee global
> uniqueness of session ids, though it would be foolish for them not to be
> unique throughout the cluster).
>> I like to use it as a unique field within the db for user tracking, so
>> it should be unique within the cluster and time.
> I would recommend using a GUID-generation library that you know will
> always work for you. When a session is created, drop a new GUID into the
> session and use /that/ for your database key.
> - -chris
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla -
> iD8DBQFGgCH19CaO5/Lv0PARAirGAJwLc3XCzkNzwGHhU/ehJQslyAAEeQCggHu2
> /HZT326Lifd1adgRUTl+Vps=
> =umFQ
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message