Currently, Tomcat uses the "java.security.SecureRandom" class to create a secure session ID but this will slow down the startup of the first page.

John Mitchell

Are you really running a site where it will make any real difference in performance? This very much sounds to me like a seriously premature optimization..

[I agree, but the question still stands... What's the syntax?

Answer: in server.xml, change
<SessionIdGenerator randomClass="java.security.SecureRandom" randomFile="/dev/urandom" />
to
<SessionIdGenerator randomClass="java.util.Random" />

However, be warned that this method leaves your sessions open to attack. It would take a dedicated hacker, but if you're storing any sensitive data, this is a big no-no. So put it back to SecureRandom when you're done testing this.

- Alex]

0 Comments  (click to add your comment)
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

About | Sitemap | Contact