Currently, Tomcat uses the "" class to create a secure session ID but this will slow down the startup of the first page.

John Mitchell

Are you really running a site where it will make any real difference in performance? This very much sounds to me like a seriously premature optimization..

[I agree, but the question still stands... What's the syntax?

Answer: in server.xml, change
<SessionIdGenerator randomClass="" randomFile="/dev/urandom" />
<SessionIdGenerator randomClass="java.util.Random" />

However, be warned that this method leaves your sessions open to attack. It would take a dedicated hacker, but if you're storing any sensitive data, this is a big no-no. So put it back to SecureRandom when you're done testing this.

- Alex]

0 Comments  (click to add your comment)
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



About | Sitemap | Contact