On Thu, 18 Oct 2001, Scott Ahten wrote:
> Date: Thu, 18 Oct 2001 00:41:31 -0400
> From: Scott Ahten <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: how unique is the session key?
>
> i'm planning on implementing a 'remember my login' feature in a project
> i'm working on. is the sesssion key unique enough to be used as a
> persistant cookie to uniquly identify clients across multiple sessions?
>
No. You are absolutely guaranteed that session ids will be reused,
because they are based on a random number generator and there are only so
many possible numbers.
> if so, does this just apply to tomcat or is this part of the spec and
> container independent?
>
Why do you need anything other than assigning your own ids, and making
sure that you never assign the same id more than once?
> thanks,
>
> ~scott
>
>
>
Craig
