Currently, Tomcat uses the "java.security.SecureRandom" class to create a secure session ID but this will slow down the startup of the first page.
Created May 4, 2012
John Mitchell
Are you really running a site where it will make any real difference in performance? This very much sounds to me like a seriously premature optimization..
[I agree, but the question still stands... What's the syntax?
Answer: in server.xml, change
<SessionIdGenerator randomClass="java.security.SecureRandom" randomFile="/dev/urandom" />to
<SessionIdGenerator randomClass="java.util.Random" />
However, be warned that this method leaves your sessions open to attack. It would take a dedicated hacker, but if you're storing any sensitive data, this is a big no-no. So put it back to SecureRandom when you're done testing this.
- Alex]