Currently, Tomcat uses the "java.security.SecureRandom" class to create a secure session ID but this will slow down the startup of the first page.
Are you really running a site where it will make any real difference in performance? This very much sounds to me like a seriously premature optimization.
I agree, but the question still stands... What's the syntax?
<SessionIdGenerator randomClass="java.security.SecureRandom" randomFile="/dev/urandom" />
to
<SessionIdGenerator randomClass="java.util.Random" />
However, be warned that this method leaves your sessions open to attack. It would take a dedicated hacker, but if you're storing any sensitive data, this is a big no-no. So put it back to SecureRandom when you're done testing this.
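A pre-deployment check for the test setting above being left in place, as an added example that is not part of the original thread or of Tomcat itself. It assumes the random source is selected by a `randomClass` attribute (as on this page) or a `secureRandomClass` attribute, and that only `java.security.SecureRandom` is approved; the sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Attribute names that select the session-ID random source. "randomClass" is
# the one used on this page; "secureRandomClass" is the Manager attribute in
# newer Tomcat releases.
RNG_ATTRS = ("randomClass", "secureRandomClass")
# Assumption for this example: only the stock JDK CSPRNG is approved.
APPROVED = {"java.security.SecureRandom"}

# Constructed sample configs (not taken from a real deployment).
WEAK_CONFIG = """<Context>
  <Manager>
    <SessionIdGenerator randomClass="java.util.Random" />
  </Manager>
</Context>"""

SAFE_CONFIG = """<Context>
  <Manager>
    <SessionIdGenerator randomClass="java.security.SecureRandom" randomFile="/dev/urandom" />
  </Manager>
</Context>"""


def find_weak_session_rng(xml_text):
    """Return (element tag, attribute, value) for every unapproved RNG class."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        for attr in RNG_ATTRS:
            value = elem.get(attr)
            if value is not None and value.strip() not in APPROVED:
                findings.append((elem.tag, attr, value.strip()))
    return findings


def audit(xml_text):
    """Return 0 if the config is clean, 1 otherwise (usable as an exit code)."""
    findings = find_weak_session_rng(xml_text)
    for tag, attr, value in findings:
        print(f"WEAK: <{tag}> {attr}={value!r} is not an approved CSPRNG class")
    return 1 if findings else 0


if __name__ == "__main__":
    print("weak config exit code:", audit(WEAK_CONFIG))
    print("safe config exit code:", audit(SAFE_CONFIG))
```

Wiring `audit` into a build or deploy step makes the pipeline fail while `java.util.Random` is still configured.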