Geek Answers Handbook

How unique is HttpSession.getId ()?

Is the value returned by HttpSession.getId() guarantee of uniqueness over time, or only unique among all active sessions?

In other words, can I use it as a key to record the session log (which user is logged in, when and for how long)?

If getId is implementation-specific (which I assume is true, since the J2EE specification does not talk about this problem), how is this handled in the Google App Engine?

+4
source share
3 answers

As far as I know, session identifiers are unique until you restart the web server. Thus, the session identifier is unique in time throughout the life cycle of your web server.

In Apache Tomcat, you can check ManagerBase.generateSessionId () to see how the ID is generated. But be careful in Tomcat, the generated identifiers are unique in only one context.

hope this helped

+3
source

Yes, it depends on the implementation . As for any method in any interface :-). For the programmer, make sure the identifier is unique.

If you use ManagerBase.createSession (java.lang.String) in combination with a UUID , you are 100% sure that your identifier will be unique.

+2
source

Question about Google App Engine. GAE is based on Jetty not Tomcat, and you cannot use ManagerBase.createSession (java.lang.String). A session is distributed and stored in a data warehouse (or memcached). It is tracked using a cookie (called JSESSONID), which is managed by the servlet container. In the Datastore, there are objects of the form _ah_SESSION with an identifier that is a session identifier with the prefix "_ahs". Currently, _ah_SESSION objects are not automatically deleted. So the answer is: currently, the session identifier on the GAE is unique in time .

+1
source

More articles:


All Articles