org.apache.tomcat.util: public class: SessionIdGenerator

org.apache.tomcat.util
public class: SessionIdGenerator [javadoc | source]

java.lang.Object
   org.apache.tomcat.util.SessionIdGenerator

Generates sesssion ids for the system. The ids produced by this class aren't very sophisticated being just a random number followed by a synchronized counter.

author: James - Duncan Davidson [duncan@eng.sun.com]

author: Jason - Hunter [jhunter@acm.org]

Method from org.apache.tomcat.util.SessionIdGenerator Summary:
generateId

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from org.apache.tomcat.util.SessionIdGenerator Detail:
public static synchronized String generateId() { // XXX // This code is not very secure at all. It's good enough // for a reference implementation where you want to make // sure to not repeat under most circumstances -- but its // not anything that could be considered to be safe for // military or banking use. // maybe..... // replace with some sort of MD5 hash so that it is impossible // to figure out which is the counter and which is the random Integer i = new Integer(counter++); StringBuffer buf = new StringBuffer(); String dString = Double.toString(Math.abs(Math.random())); // we do the substring to get rid of the initial '0.' // characters. buf.append("To"); buf.append(i); buf.append("mC"); buf.append(dString.substring(2, dString.length())); buf.append("At"); return buf.toString(); }

Method from org.apache.tomcat.util.SessionIdGenerator Detail:

 public static synchronized String generateId() {
	// XXX
	// This code is not very secure at all. It's good enough
	// for a reference implementation where you want to make
	// sure to not repeat under most circumstances -- but its
	// not anything that could be considered to be safe for
	// military or banking use.
	// maybe.....
	// replace with some sort of MD5 hash so that it is impossible
	// to figure out which is the counter and which is the random
        Integer i = new Integer(counter++);
        StringBuffer buf = new StringBuffer();
        String dString = Double.toString(Math.abs(Math.random()));
        // we do the substring to get rid of the initial '0.'
        // characters.
        buf.append("To");
        buf.append(i);
        buf.append("mC");
        buf.append(dString.substring(2, dString.length()));
        buf.append("At");
        return buf.toString();
}