-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrew,
Andrew R Feller wrote: | While working on a trending tool, I decided to capture users' session | IDs. However, I don't know A.) How long they are OR B.) What characters | are valid for a session ID. I have not found any documentation stating | anything about it, so I was hoping someone here knew. The servlet specification does not contain any rules for the session id, other than that it must uniquely identify users. That suggests some minimum length to cover all reasonable numbers of unique visitors. Other than that, there are no constraints. There's nothing that says the session id needs to be a certain length (or even minimum length!), made up of certain characters, etc. Tomcat happens to use a random 16-byte session id that is transmitted as a cookie value by converting it into 32 letters and numbers representing the nibbles in network byte order. So, if the session id is [0x01, 0x23, 0xab, ...] then the cookie value will look like "0123ab...". You can't write a regexp that will always work, but you can write one that will work on Tomcat. May I ask why you need e regular expression for this value? Why not simply accept all session id values, regardless of their content? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkf2fNYACgkQ9CaO5/Lv0PBR6wCgmxvZ7i69wpKXxV9yDcnqXz+o 5D8AoJvWso+MfjmS7+r+D8HVnMtsAPzS =3mp5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]