RE: Session ID's

2005-08-02 Thread Derrick Koes
Use HttpServletResponse.encodeURL(String url) -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 10:04 AM To: Tomcat Users List Subject: Session ID's Is there a configuration setting such that every local URL will be encoded with a

RE: Session ID's

2005-08-02 Thread Charles P. Killmer
I was hoping there was a configuration setting that would tack the session id onto every hyperlink at runtime, much as PHP does. Charles -Original Message- From: Derrick Koes [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 9:20 AM To: Tomcat Users List Subject: RE: Session ID's

Re: Session ID's

2005-08-02 Thread Christoph Kutzinski
at runtime, much as PHP does. Charles -Original Message- From: Derrick Koes [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 9:20 AM To: Tomcat Users List Subject: RE: Session ID's Use HttpServletResponse.encodeURL(String url) -Original Message- From: Charles P. Killmer

RE: Session ID's

2005-08-02 Thread Charles P. Killmer
at runtime, much as PHP does. Charles -Original Message- From: Derrick Koes [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 9:20 AM To: Tomcat Users List Subject: RE: Session ID's Use HttpServletResponse.encodeURL(String url) -Original Message- From: Charles P

RE: Session ID's

2005-08-02 Thread Charles P. Killmer
-Ursprüngliche Nachricht- Von: Charles P. Killmer [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 2. August 2005 17:03 An: Tomcat Users List Betreff: RE: Session ID's I was hoping there was a configuration setting that would tack the session id onto every hyperlink at runtime, much

Re: Session ID's

2003-12-23 Thread Tim Funk
See the tomcat-dev archives. There was a big discussion many months ago about duplicate session ids and the chance for a dup id. -Tim Marc Hughes wrote: I'm curious, will a tomcat instance ever create duplicate session ID's? And I mean *ever*, so if I run a server for 5 years (with multiple

Re: Session ID's

2003-12-23 Thread Bill Barker
Well, of course you will someday, it's still a finite-state machine ;-). The current TC 4/5 implementation has (if I've done the math right :) about 8E28 possible session values, so necessarily you will get a repeat after you generate that many sessions. The id is generated by SecureRandom, so

Re: session id's really unique?

2002-12-30 Thread Glenn Olander
You run the risk of getting duplicate session id's. However, across contexts you'll have separate Managers, and therefore different sets of sessions. So, you don't run the risk of one context gaining access to another context's sessions. The risk is the one discussed in the other session id

Re: session id's really unique?

2002-12-30 Thread shawn
Just to confirm, If I send use RequestDispatcher.forward(request, response) and send it to another context, that session will be newly managed under the new context (or by the original context) and therefore there is no risk of duplicate id's. The other issue is to be patched. Shawn Sorry to