How unique is the HttpSession identifier?

Question

How unique is the HttpSession identifier?

I am going to uniquely identify the user by storing the unique identifier in my cookie. HttpSession ID is a good choice from my google search. Just wanted to know how unique it is? Is it unique to the webcontainer, or when it expires, will it be restored? If it repeats, all my user logins can follow the cast. Some expert opinions on using sessonID as a unique identifier for my users.

+6

java session-cookies servlets session

cherit Oct 21 '12 at 13:16

source share

2 answers

Session IDs are unique and significant only for the session lifetime. The session identifier identifies the session: nothing more, nothing less. It does not identify the user.

You cannot and should not rely on session identifiers that are ever reused, not to mention the same user.

+7

Matt ball Oct 21 '12 at 13:19

source share

Jb nizet · Accepted Answer · 2012-10-21T13:20:20+0000

The session identifier must uniquely identify the session on the server or on the server cluster. You have no guarantee of uniqueness in reboots. Why don't you just use a database sequence or UUID ?

How unique is the HttpSession identifier?

More articles: