If I use RequestDispatcher.forward(request, response) to another context am I running the risk of session id conflicts?
I mean if a session Id is given in one context, another context is restarted and the java.security.SecureRandom is re-initialized for that webapp, then it would seem possible that newly generated sessions in the second context could match the previosly generated session id that was transferred from the first context. I doubt I know as much as many on this list, but that is something that I wondered about. Shawn PS I'm relying on potentially outdated info from a list that was posted in response to this topic. >Tomcat 4 uses an instance of java.security.SecureRandom to generate > session identifiers for a particular session. The instance is initialized > the first time (after Tomcat is started, or after a webapp is restarted) > that a session identifier is requested. > .... > More seriously, it is *you* as the application developer that is deciding > whether or not to execute the RequestDispatcher.include() or > RequestDispatcher.forward() call -- it's not the container. It is totally > up to *you* to decide whether or not this is allowed, because *you* wrote > the app. > yes I did but will the sessions tranfer uniquely? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
