
Is jSessionId really unique?

To give some context, I'm developing an API to track user actions on the site (anon users too). So far, we use jsessionId to identify each user and his actions.

That API now runs on Tomcat and JBoss.

The question that really matters is: since we analyze all data once a day, is the uniqueness of this jsessionId guaranteed in any way throughout the day? Or, not concurrently, can another user get the same jsessionId previously used by someone else?

Thanks in advance.

Samuel García asked May 04 '11 22:05


People also ask

How is Jsessionid generated?

JSESSIONID is a cookie generated by Servlet containers and used for session management in J2EE web applications for HTTP protocol. If a Web server is using a cookie for session management, it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.

What information does Jsessionid contain?

The jsessionid does not contain user credentials. It is a hash key into the server's map of HttpSession objects. Each authenticated user has an HttpSession, so each jsessionid locates the authenticated user information.

Is Jsessionid and session ID same?

The JSESSIONID is generated from the servlet-container like jetty or tomcat or the builtin if you run a grails app standalone. The session-id is generated from the used http-server like apache, etc.


1 Answer

Sorry, it's not specified. It's only required to be unique for that JVM at that point in time. That is, session ids can be reused multiple times a day, as long as no one else has a session in place. I agree that most actual implementations might offer a stronger guarantee, but I don't think you can count on it.

Take a look at this mailing list - in it the people discuss session id reuse in both Tomcat and Resin.

So, basically, the assumption that the session ID is unique is only true until the session gets destroyed.

MJB answered Sep 28 '22 04:09
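An added example, not part of the question or answer above and not Tomcat or JBoss code: a daily batch that keys on the raw jsessionId merges unrelated visitors whenever an id is handed out again after its session was destroyed, so this sketch splits the day's events per session lifetime instead. The log format, the sample rows and the idea that an `HttpSessionListener` writes the `created`/`destroyed` rows are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log: (epoch_seconds, jsessionid, event, detail).
# "created"/"destroyed" rows are assumed to be written by an HttpSessionListener;
# "action" rows are the tracked user actions. The format is hypothetical.
SAMPLE_LOG = [
    (1000, "A1B2", "created", ""),
    (1005, "A1B2", "action", "view:/home"),
    (1010, "C3D4", "created", ""),
    (1012, "C3D4", "action", "view:/cart"),
    (1020, "A1B2", "destroyed", ""),
    (5000, "A1B2", "created", ""),           # same id handed out again later that day
    (5003, "A1B2", "action", "view:/login"),
    (5004, "E5F6", "action", "view:/help"),  # session created before the log window
]


def naive_group(log):
    """Key on jsessionid alone: this is what merges unrelated visitors."""
    merged = defaultdict(list)
    for _ts, sid, event, detail in sorted(log):
        if event == "action":
            merged[sid].append(detail)
    return dict(merged)


def split_sessions(log):
    """Group actions per session lifetime instead of per raw jsessionid.

    Returns {(jsessionid, start_time): [actions]}. start_time is the timestamp
    of the "created" row, or of the first action seen when the creation fell
    outside the log window.
    """
    live = {}       # jsessionid -> key of the session currently holding that id
    sessions = {}
    for ts, sid, event, detail in sorted(log):
        if event == "created":
            live[sid] = (sid, ts)
            sessions[live[sid]] = []   # keep sessions that never record an action
        elif event == "destroyed":
            live.pop(sid, None)        # from here on the id may be reused
        elif event == "action":
            key = live.setdefault(sid, (sid, ts))
            sessions.setdefault(key, []).append(detail)
    return sessions
```

On the sample rows, `naive_group` attributes both `view:/home` and `view:/login` to one visitor, while `split_sessions` reports them under two separate `A1B2` lifetimes.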