-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Arnab,
On 1/8/2010 8:07 AM, Arnab Ghosh wrote: > I have an doubt.Tomcat is using *org.apache.catalina.session.ManagerBase* to > generate sessionId. Now I wants to know whether this generated key will be > unique in all context running under a tomcat service or it will be unique > under a particular context?? The servlet specification (rev 2.5, section 7.3) states that a session is to be scoped within a single context. Clearly, session ids should be unique for a single context (webapp). Tomcat supports SSO (single-sign-on) which allows multiple webapps to share a session, so in that case, the session id should be unique across the set of webapps participating in SSO. I'm not sure about clusters, but they wouldn't work very well if session ids generated on one node interfered with session ids created on another node that need to be shared across the cluster. I believe that a node attaches its jvmRoute to the session id such that it becomes unique across the cluster, and is re-written if/when the node is failed-over. For clusters without session stickiness, where any node may receive a request for a particular session, the session ids has better be unique. I don't see any documentation for Tomcat 6 that explicitly states that session ids are unique for the cluster. Do you have a specific concern, or are you just interested in an academic sense? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktHmbEACgkQ9CaO5/Lv0PA12wCgrWerDoJkpesgju5AqB0qDNwf QCYAnR4mMSFR/XrMZsqejZMIjqA7tgNs =uwly -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org