Reilly, The workername should uniquely identify a server instance. This is used a) to prepend to session id to ensure uniqueness and b) by some of the SessionDataStore flavours to reason about which node was last managing a session when considering whether a session should be regarded as expired or not. For an example of the latter case, see the InfinispanSessionDataStore. I thought the JDBCSessionDataStore did as well, but can't remember the details now.
regards Jan On Thu, 29 Aug 2019 at 10:23, Reilly Brogan <[email protected]> wrote: > We're working on switching our application from external Tomcat to > embedded Jetty and one of the things that we've noticed is different is > that the SessionId worker name is prepended to all session IDs (we do have > multiple application servers accessing the sessions and the docs said we > needed to set the workerName). > > We'd prefer to avoid this if possible as we log the session ID to several > database tables that currently have a length limit that would need to be > extended for the new format. Looking at the code it looks like the purpose > of this is to try to ensure that there are no ID collisions if there are > multiple application servers, but assuming you are using SecureRandom on > hosts with sufficient hardware-provided entropy is that really a real risk? > > Are there any other reasons that workerName would need to be globally > unique that I'm not seeing? > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users -- Jan Bartel <[email protected]> www.webtide.com *Expert assistance from the creators of Jetty and CometD*
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
