Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Necessity of workerName as part of DefaultSessionIdManager

We're working on switching our application from external Tomcat to embedded Jetty and one of the things that we've noticed is different is that the SessionId worker name is prepended to all session IDs (we do have multiple application servers accessing the sessions and the docs said we needed to set the workerName).

We'd prefer to avoid this if possible as we log the session ID to several database tables that currently have a length limit that would need to be extended for the new format. Looking at the code it looks like the purpose of this is to try to ensure that there are no ID collisions if there are multiple application servers, but assuming you are using SecureRandom on hosts with sufficient hardware-provided entropy is that really a real risk?

Are there any other reasons that workerName would need to be globally unique that I'm not seeing?

Back to the top