[SOLVED] How is a sessionID generated?


This Question and Answer are collected from stackoverflow and tested by JTuto community, is licensed under
CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.

Issue

When running a java web application with the servlet api (like JSF or JSP pages), somewhere along the line a ‘unique’ SessionID is generated to identify the user’s session.

I’m wondering how these sessionID’s are generated. Do they include the IP of the client? A timestamp? Random numbers?

Secondly, I’m wondering where this generation happens? Is this dependent on the server that runs the application?

Solution

It is container specific. Tomcat: http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html#Manager

Answered By – Aleksandr M

people found this article helpful. What about you?