By default, the manager generates session identifiers of 16 hexadecimal
characters. Those are generated by taking the first 16 characters of
the md5 sum of a random byte[16]. If we assume (that might be a bit
wrong) that all md5 sums are equiprobable, that means in the end that
your session id is a 64-bit random number.

So that would mean that the odds of 2 session ids, over 30.000 sessions, being the same are
30.000/2^64 ~= 1.6263E-15


However, you can still configure
1) the algorithm to use (if the md5 digest does not fit your needs)
2) the sessionIdLength you want to have on session id (eg 32 instead of 16)
3) as explained add a 'jvmroute' (because inside one manager checks are
made that a session id is not yet used)

If you extend the session id key to length 24 (96-bit session
identifier), you have

30.000/2^96 ~= 3.7865E-25

full process details:
http://svn.apache.org/repos/asf/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/session/ManagerBase.java

At the precise moment of 01/17/07 15:44, Eric Waite expressed himself in all
his nobility:
> Very very small may be acceptable, what do you mean by very very
> small...?
> Would 30,000 unique sessions across 3 servers.... have a potential issue?
>
> Thanks.
>
> Eric
>
> Filip Hanik - Dev Lists wrote:
>> while there is a risk for duplicate sessions being generated, we
>> believe it to be very very small.
>> What you can do is set jvmRoute in the <Engine> element to be unique
>> for each one, that makes it less likely to be duplicate.
>> Or you can come up with a better random algorithm, take a look at
>> org.apache.catalina.session.StandardManager
>>
>> Filip
>>
>> Eric Waite wrote:
>>> This has been addressed before I am sure, but I do not know where to
>>> find the answer.
>>> I have 3 Tomcat servers sitting behind a load balancer using sticky
>>> sessions.
>>>
>>> I do not have session replication working yet, the tomcats are
>>> standalone.
>>>
>>> How do I prevent and what are the chances that a duplicate session
>>> id is generated?
>>>
>>> Thanks in advance.
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
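
An added example, not part of the original messages and not Tomcat's own code: a Python sketch of the ID scheme as the reply describes it (MD5 of 16 random bytes, truncated), the birthday estimate that any two of n session ids match, and a small simulation of three standalone servers with and without a jvmRoute suffix. The route names tc0..tc2 and the 4-hex-character ids used in the simulation are constructed for illustration.

```python
import hashlib
import math
import os

def new_id(hex_len=16):
    # As described in the reply: MD5 of 16 random bytes, first hex_len hex chars.
    return hashlib.md5(os.urandom(16)).hexdigest()[:hex_len].upper()

def collision_probability(sessions, bits):
    # Birthday estimate that any two of `sessions` ids match:
    # 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision for tiny results.
    return -math.expm1(-sessions * (sessions - 1) / 2.0 ** (bits + 1))

def simulate(servers, per_server, hex_len, use_route):
    """Count ids that were issued by more than one standalone server."""
    seen_by = {}
    for n in range(servers):
        local = set()
        while len(local) < per_server:
            sid = new_id(hex_len)
            if use_route:
                sid += ".tc%d" % n  # constructed jvmRoute names tc0, tc1, ...
            # Each manager only avoids ids it already holds itself;
            # the set drops a local repeat and the loop draws again.
            local.add(sid)
        for sid in local:
            seen_by[sid] = seen_by.get(sid, 0) + 1
    return sum(1 for count in seen_by.values() if count > 1)

if __name__ == "__main__":
    for bits in (64, 96):
        print(bits, "bits, 30000 sessions:", collision_probability(30000, bits))
    # 16-bit ids (4 hex chars) make the effect visible in a small run.
    print("no jvmRoute:", simulate(3, 1000, 4, False), "shared ids")
    print("jvmRoute:   ", simulate(3, 1000, 4, True), "shared ids")
```

With a distinct route per server the ids can only repeat inside one manager, which already checks for that, so the shared count is zero regardless of id length.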

