This Question and Answer are collected from stackoverflow and tested by JTuto community, is licensed under CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.
Issue
When running a java web application with the servlet api (like JSF or JSP pages), somewhere along the line a ‘unique’ SessionID is generated to identify the user’s session.
I’m wondering how these sessionID’s are generated. Do they include the IP of the client? A timestamp? Random numbers?
Secondly, I’m wondering where this generation happens? Is this dependent on the server that runs the application?
Solution
It is container specific. Tomcat: http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html#Manager
Answered By – Aleksandr M