Currently, Tomcat uses the "java.security.SecureRandom" class to create a secure session ID but this will slow down the startup of the first page.

John Mitchell

Are you really running a site where it will make any real difference in performance? This very much sounds to me like a seriously premature optimization..

[I agree, but the question still stands... What's the syntax?

Answer: in server.xml, change

<SessionIdGenerator randomClass="java.security.SecureRandom" randomFile="/dev/urandom" />
<SessionIdGenerator randomClass="java.util.Random" />

However, be warned that this method leaves your sessions open to attack. It would take a dedicated hacker, but if you're storing any sensitive data, this is a big no-no. So put it back to SecureRandom when you're done testing this.

- Alex]