Good (unpredictable) session id generators ?

Hi,

Could anyone please recommend how to generate good session ids ?

(for a servelt container, generating http session IDs).

We'll appreciate recommendations for either:

- the algorithm

- configuration parameters (such as what to put in Tomcat's "entropy" param)

- good random number generator

We're using Tomcat 5.5, so we'll welcome any Tomcat-specific recommendations, but we'll also appreciate any other (generic) recommendations. The main thing is the algorithm.

We prefer open-source/free implementations, but we can also do with good commercial tools .

Thanks :)

[636 byte] By [solmyr72a] at [2007-10-3 2:21:42]

«« if(str){ , or if(!str){ can it work in java ?
»» HEX (UNICODE) to ANSII

# 1

In order of merit:1. java.util.UUID @since 1.52. java.rmi.server.UID3. java.security.SecureRandom()

ejpa at 2007-7-14 19:20:40 >

top of Java-index,Security,Other Security APIs, Tools, and Issues...

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Good (unpredictable) session id generators ?

Security New Topic

Security Hot Topic

Security

All Classified