Well, of course you will someday, it's still a finite-state machine ;-).
The current TC 4/5 implementation has (if I've done the math right :) about
8E28 possible session values, so necessarily you will get a repeat after you
generate that many sessions.
The id is generated by SecureRandom, so the expected time for a repeat is
pretty large. In addition, TC 5 uses /dev/urandom to generate the seed, so
the time should be even longer than with TC 4.
"Marc Hughes" <marc@(protected)
news:3FE83C8B.3000101@(protected)...
> I'm curious, will a tomcat instance ever create duplicate session ID's?
>
> And I mean *ever*, so if I run a server for 5 years (with multiple
> reboots, etc.) will I ever get a duplicate session ID? If so what's the
> frequency it would happen? Every million, billion, 10 trillion? Does
> the situation change if I have a cluster of tomcat servers?
>
> Thanks!
> -Marc
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
