Is jSessionId really unique?

霸气de小男生 提交于 2019-12-23 09:34:38

问题


To put some context, i'm developing an API to track user actions on the site (anon users too). So far, we use jsessionId to identify each user and his actions.

That API, now runs on Tomcat and JBoss.

The really matter question is, since we analize all data one a day, is in any way the uniqueness of this jsessionId guaranteed all along the day? Or, not concurrently, can other user get the same jsessionId used previously by other one?

Thanks in advance.


回答1:


Sorry, it's not specified. It's only required to be unique for that jvm at that point in time. That is, session ids can be reused multiple times a day, as long as no one else has a session in place. I agree that most actual implementations might offer a stronger guarantee, but I don't think you can count on it.

Take a look at this mailing list - in it the people discuss session id reuse in both tomcat and resin.

So, basically the assumption the session ID is unique, is only true until the session gets destroyed.



来源:https://stackoverflow.com/questions/5890587/is-jsessionid-really-unique

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!