Dave, I missed your post in October. Yours and igain's are the only reports I've had of this occuring. It's obviously a significant concern.
How frequently are you seeing this? Only suggestions I can make involve code changes: 1) To tomcat/src/main/org/jboss/web/tomcat/service/session/JBossCacheManager.java add | @Override | protected String getNextId() | { | while (true) | { | String id = super.getNextId(); | if (sessions_.containsKey(id) || unloadedSessions_.containsKey(id)) | { | continue; | } | else | { | return id; | } | } | } That's in later version of the class. 2) The SessionIDGenerator class itself was recently changed, primarily to support use of /dev/urandom as a source of random bytes. You could look at porting some of that back to the 4.2.3 version. Current version of the class is at https://svn.jboss.org/repos/jbossas/trunk/tomcat/src/main/java/org/jboss/web/tomcat/service/session/SessionIDGenerator.java I've tested the SessionIDGenerator and created millions of IDs without duplicates. So any info on when/how this happens would be most appreciated. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4270104#4270104 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4270104 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user