I'm not familiar with Tomcat 4.0, but in 3.2 you can set a property named
tomcat.sessionid.randomclass to the name of the class that you want to use
for generating session ids. I've never tried it myself, but it might be
what your looking for.
-----Original Message-----
From: Jon Stevens [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 17, 2000 9:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [tomcat 4.0] Turning off random number seeding
on 12/17/2000 7:17 PM, "Marc Saegesser" <[EMAIL PROTECTED]> wrote:
> The SecureRandom used in Tomcat 3.2 (and I assume in Tomcat 4.0, as well)
> takes 10-15 seconds to initialize on my PIII/600. I posted a patch a
while
> back to move the PRNG initialization into context initialization (again
for
> Tomcat 3.2).
>
> I think that since we're initializing something inside the servlet
container
> it makes sense for it be part of the container startup and not a big hit
> that's visible to the first user that runs my servlet.
Eitherway, I want to turn it off. :-) I'm doing local development on my box
and I don't need or even want super secure sessions. A semi random number is
more than enough for me. In fact, for this use, if it was just a number that
incremented without any randomness in it at all, that would be fine with me.
:-)
The first call to getServletConfig() is taking over a minute on my machine.
That sucks balls. :-)
-jon
