jSessionId真的很独特吗? [英] Is jSessionId really unique?
问题描述
为了提供一些上下文,我正在开发一个API来跟踪网站上的用户操作(也是用户)。到目前为止,我们使用jsessionId来识别每个用户及其操作。
To put some context, i'm developing an API to track user actions on the site (anon users too). So far, we use jsessionId to identify each user and his actions.
该API现在在Tomcat和JBoss上运行。
That API, now runs on Tomcat and JBoss.
真正重要的问题是,因为我们分析所有每天一个数据,这种jsessionId的唯一性在哪一天都得到保证?或者,不同时,其他用户可以获得其他用户以前使用过的jsessionId吗?
The really matter question is, since we analize all data one a day, is in any way the uniqueness of this jsessionId guaranteed all along the day? Or, not concurrently, can other user get the same jsessionId used previously by other one?
提前致谢。
推荐答案
抱歉,没有指定。它只需要在那个时间点对于那个jvm是唯一的。也就是说,只要没有其他人有会话,会话ID就可以一天重复使用多次。我同意大多数实际实现可能提供更强的保证,但我认为你不能指望它。
Sorry, it's not specified. It's only required to be unique for that jvm at that point in time. That is, session ids can be reused multiple times a day, as long as no one else has a session in place. I agree that most actual implementations might offer a stronger guarantee, but I don't think you can count on it.
看看这个邮件列表 - 在其中人们讨论tomcat中的会话ID重用和树脂。
Take a look at this mailing list - in it the people discuss session id reuse in both tomcat and resin.
因此,基本上假设会话ID是唯一的,只有在会话被销毁之前才会生效。
So, basically the assumption the session ID is unique, is only true until the session gets destroyed.
这篇关于jSessionId真的很独特吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
