Is there any interest in making the session id length configurable?
If so, please consider my patch (attached).

Thanks,

Jan

Index: Manager.java
===================================================================
RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/Manager.java,v
retrieving revision 1.6
diff -u -r1.6 Manager.java
--- Manager.java        13 Jan 2004 01:39:36 -0000      1.6
+++ Manager.java        7 Feb 2004 02:19:31 -0000
@@ -164,6 +164,24 @@
     public void setMaxInactiveInterval(int interval);
 
 
+    /**
+     * Gets the session id length (in bytes) of Sessions created by
+     * this Manager.
+     *
+     * @return The session id length
+     */
+    public int getSessionIdLength();
+
+
+    /**
+     * Sets the session id length (in bytes) for Sessions created by this
+     * Manager.
+     *
+     * @param sessionIdLength The session id length
+     */
+    public void setSessionIdLength(int idLength);
+
+
     // --------------------------------------------------------- Public Methods
 
 
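Review bot: The Javadoc on `setSessionIdLength` documents `@param sessionIdLength`, but the declared parameter is `idLength`, so the tag does not match. The same mismatch is repeated on the implementation in the ManagerBase.java hunk at -488. Either rename the parameter or write `@param idLength The session id length (in bytes)`. The contract also leaves the accepted range unstated, so the comment should say which values an implementation must reject. Since the generator in ManagerBase renders each byte as two hex characters, it should also say that the id string is twice this many characters long.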
Index: session/ManagerBase.java
===================================================================
RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
retrieving revision 1.24
diff -u -r1.24 ManagerBase.java
--- session/ManagerBase.java    26 Jan 2004 20:19:11 -0000      1.24
+++ session/ManagerBase.java    7 Feb 2004 02:19:31 -0000
@@ -119,13 +119,6 @@
 
 
     /**
-     * The number of random bytes to include when generating a
-     * session identifier.
-     */
-    protected static final int SESSION_ID_BYTES = 16;
-
-
-    /**
      * The message digest algorithm to be used when generating session
      * identifiers.  This must be an algorithm supported by the
      * <code>java.security.MessageDigest</code> class on your platform.
@@ -187,6 +180,12 @@
 
 
     /**
+     * The session id length of Sessions created by this Manager.
+     */
+    protected int sessionIdLength = 16;
+
+
+    /**
      * The descriptive name of this Manager implementation (for logging).
      */
     protected static String name = "ManagerBase";
@@ -488,6 +487,36 @@
 
 
     /**
+     * Gets the session id length (in bytes) of Sessions created by
+     * this Manager.
+     *
+     * @return The session id length
+     */
+    public int getSessionIdLength() {
+
+        return (this.sessionIdLength);
+
+    }
+
+
+    /**
+     * Sets the session id length (in bytes) for Sessions created by this
+     * Manager.
+     *
+     * @param sessionIdLength The session id length
+     */
+    public void setSessionIdLength(int idLength) {
+
+        int oldSessionIdLength = this.sessionIdLength;
+        this.sessionIdLength = idLength;
+        support.firePropertyChange("sessionIdLength",
+                                   new Integer(oldSessionIdLength),
+                                   new Integer(this.sessionIdLength));
+
+    }
+
+
+    /**
      * Return the descriptive short name of this Manager implementation.
      */
     public String getName() {
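Review bot: `setSessionIdLength` stores `idLength` unchecked, although the session id is the secret that identifies a session. With zero or a negative value the `while` loop in `generateSessionId` (the -828 hunk) never runs and the method returns the empty string for every session; small positive values give ids short enough to be guessed. Add a guard before the assignment, for example `if (idLength < 16) throw new IllegalArgumentException("sessionIdLength must be at least 16 bytes: " + idLength);`, with the floor set to the previous fixed 16 bytes or whatever minimum the project settles on. The field is also written here without synchronization while `generateSessionId` reads it under the instance lock, so making the setter `synchronized` or the field `volatile` would keep that read consistent.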
@@ -496,8 +525,9 @@
 
     }
 
-        /** Use /dev/random-type special device. This is new code, but may reduce the
-     *  big delay in generating the random.
+    /** 
+     * Use /dev/random-type special device. This is new code, but may reduce
+     * the big delay in generating the random.
      *
      *  You must specify a path to a random generator file. Use /dev/urandom
      *  for linux ( or similar ) systems. Use /dev/random for maximum security
@@ -828,23 +858,30 @@
      * Generate and return a new session identifier.
      */
     protected synchronized String generateSessionId() {
-        byte bytes[] = new byte[SESSION_ID_BYTES];
-        getRandomBytes( bytes );
-        bytes = getDigest().digest(bytes);
+
+        byte random[] = new byte[16];
 
         // Render the result as a String of hexadecimal digits
         StringBuffer result = new StringBuffer();
-        for (int i = 0; i < bytes.length; i++) {
-            byte b1 = (byte) ((bytes[i] & 0xf0) >> 4);
-            byte b2 = (byte) (bytes[i] & 0x0f);
-            if (b1 < 10)
-                result.append((char) ('0' + b1));
-            else
-                result.append((char) ('A' + (b1 - 10)));
-            if (b2 < 10)
-                result.append((char) ('0' + b2));
-            else
-                result.append((char) ('A' + (b2 - 10)));
+        int resultLenBytes = 0;
+        while (resultLenBytes < this.sessionIdLength) {
+            getRandomBytes(random);
+            random = getDigest().digest(random);
+            for (int j = 0;
+                    j < random.length && resultLenBytes < this.sessionIdLength;
+                    j++) {
+                byte b1 = (byte) ((random[j] & 0xf0) >> 4);
+                byte b2 = (byte) (random[j] & 0x0f);
+                if (b1 < 10)
+                    result.append((char) ('0' + b1));
+                else
+                    result.append((char) ('A' + (b1 - 10)));
+                if (b2 < 10)
+                    result.append((char) ('0' + b2));
+                else
+                    result.append((char) ('A' + (b2 - 10)));
+                resultLenBytes++;
+            }
         }
         return (result.toString());
 
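Review bot: Inside the loop `random` is reassigned to the digest output, so from the second pass on `getRandomBytes(random)` fills an array sized by the digest (for example 20 bytes with SHA-1) rather than the 16 bytes allocated at the top. The literal `16` also replaces the removed `SESSION_ID_BYTES` constant without a name. Keep the random buffer and the digest separate with `byte digest[] = getDigest().digest(random);` and iterate `j` over `digest`, so every block is derived from a fixed-size random input. A short comment above the loop should say that each block is a digest of fresh random bytes, truncated to `sessionIdLength` bytes and hex-encoded to twice that many characters. The method body continues past the end of the hunk.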
Index: session/mbeans-descriptors.xml
===================================================================
RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/mbeans-descriptors.xml,v
retrieving revision 1.3
diff -u -r1.3 mbeans-descriptors.xml
--- session/mbeans-descriptors.xml      10 Dec 2003 23:00:36 -0000      1.3
+++ session/mbeans-descriptors.xml      7 Feb 2004 02:19:31 -0000
@@ -52,6 +52,11 @@
                        created by this Manager"
                  type="int"/>
 
+    <attribute   name="sessionIdLength"
+          description="The session id length (in bytes) of Sessions
+                       created by this Manager"
+                 type="int"/>
+
     <attribute   name="name"
           description="The descriptive name of this Manager implementation
                        (for logging)"
@@ -175,6 +180,11 @@
 
     <attribute   name="maxInactiveInterval"
           description="The default maximum inactive interval for Sessions
+                       created by this Manager"
+                 type="int"/>
+
+    <attribute   name="sessionIdLength"
+          description="The session id length (in bytes) of Sessions
                        created by this Manager"
                  type="int"/>
 
