Home/ Questions/Q 7673649
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T16:33:40+00:00

The question is rather of academic nature… I’ve got the following architecture: Apache server

  • 0

The question is rather of academic nature…
I’ve got the following architecture: Apache server in front of Jboss AS workers using mod_jk to talk with each other.
What algorithm is used to generate the JSESSIONID or what is it based on? It seem to be similar to output of hash algorithm of some kind (md5 perhaps)?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here is the code snippet used to generate sessionId for tomcat. I pulled it from Tomcat 5.5.35 Source code. You can find the source code here. The sessionId seems to be generated by ManagerBase class located here. I am adding the code snippet from ManagerBase here for convenience.

    Hope this helps.

    Good luck!

    /**
 * Generate and return a new session identifier.
 */
protected synchronized String generateSessionId() {

    byte random[] = new byte[16];
    String jvmRoute = getJvmRoute();
    String result = null;

    // Render the result as a String of hexadecimal digits
    StringBuffer buffer = new StringBuffer();
    do {
        int resultLenBytes = 0;
        if (result != null) {
            buffer = new StringBuffer();
            duplicates++;
        }

        while (resultLenBytes < this.sessionIdLength) {
            getRandomBytes(random);
            random = getDigest().digest(random);
            for (int j = 0;
            j < random.length && resultLenBytes < this.sessionIdLength;
            j++) {
                byte b1 = (byte) ((random[j] & 0xf0) >> 4);
                byte b2 = (byte) (random[j] & 0x0f);
                if (b1 < 10)
                    buffer.append((char) ('0' + b1));
                else
                    buffer.append((char) ('A' + (b1 - 10)));
                if (b2 < 10)
                    buffer.append((char) ('0' + b2));
                else
                    buffer.append((char) ('A' + (b2 - 10)));
                resultLenBytes++;
            }
        }
        if (jvmRoute != null) {
            buffer.append('.').append(jvmRoute);
        }
        result = buffer.toString();
    } while (sessions.containsKey(result));
    return (result);

}
    • 0