[jboss-jira] [JBoss JIRA] Created: (JBAS-7475) Replace clustered session manager's session generation algorithm

Thu Nov 19 22:17:29 EST 2009

Replace clustered session manager's session generation algorithm
----------------------------------------------------------------

                 Key: JBAS-7475
                 URL: https://jira.jboss.org/jira/browse/JBAS-7475
             Project: JBoss Application Server
          Issue Type: Task
      Security Level: Public (Everyone can see)
          Components: Clustering, Web (Tomcat) service
            Reporter: Brian Stansberry
            Assignee: Brian Stansberry
             Fix For: JBossAS-6.0.0.M2

Instead use the same algorithm as used by Tomcat/JBoss Web StandardManager

1) Get random bytes from dev/urandom if available
2) Else seed random with function of System.nanoTime() + entropy
3) Consider using the same encoding used by Tomcat, eliminating the SessionIdAlphabet config with its problematic special chars. The downside to this is it results in a larger session id string (32 chars instead of 24) since the set of available chars is smaller (17 instead of 64).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira