Andras,
On 4/8/12 10:04 PM, Andras Rozsa wrote:
Tomcat Developers,
I am a UCCS student and the project I have been working on is related
to session ID generation.
I have checked the source code of Tomcat 6 (6.0.24) and I think I
have found a mistake.
Line 567: long update = ((byte)
All,
On 4/9/12 1:18 PM, Christopher Schultz wrote:
In trunk (pre-6.0.36), the line of code is o.a.c.session.ManagerBase:583.
Excuse me, I meant to say 6.0.x/trunk, not trunk. This code doesn't
exist at all in current trunk.
-chris
signature.asc
Description: OpenPGP digital signature
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Tomcat 6 org.apache.catalina.session.ManagerBase issue
Line 567: long update = ((byte) entropy[i]) ((i % 8) * 8);
2. 'i' is reduced by the modulus operator to 0..7
And then multiplied by 8.
3. Thus, the value
Chuck,
On 4/9/12 1:23 PM, Caldarale, Charles R wrote:
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Tomcat 6 org.apache.catalina.session.ManagerBase issue
Line 567: long update = ((byte) entropy[i]) ((i % 8) * 8);
2. 'i' is reduced by the modulus operator
From: Christopher Schultz ch...@christopherschultz.net
To: Tomcat Developers List dev@tomcat.apache.org
Cc: Andras Rozsa andras_ro...@yahoo.com
Sent: Monday, April 9, 2012 11:18 AM
Subject: Re: Tomcat 6 org.apache.catalina.session.ManagerBase issue
Andras,
On 4/8/12 10:04 PM