Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Necessity of workerName as part of DefaultSessionIdManager
Reilly,

The workername should uniquely identify a server instance.  This is used a) to prepend to session id to ensure uniqueness  and b) by some of the SessionDataStore flavours to reason about which node was last managing a session when considering whether a session should be regarded as expired or not.  For an example of the latter case, see the InfinispanSessionDataStore. I thought the JDBCSessionDataStore did as well, but can't remember the details now.

regards
Jan

On Thu, 29 Aug 2019 at 10:23, Reilly Brogan <reilly@xxxxxxxxxx> wrote:
We're working on switching our application from external Tomcat to embedded Jetty and one of the things that we've noticed is different is that the SessionId worker name is prepended to all session IDs (we do have multiple application servers accessing the sessions and the docs said we needed to set the workerName).

We'd prefer to avoid this if possible as we log the session ID to several database tables that currently have a length limit that would need to be extended for the new format. Looking at the code it looks like the purpose of this is to try to ensure that there are no ID collisions if there are multiple application servers, but assuming you are using SecureRandom on hosts with sufficient hardware-provided entropy is that really a real risk?

Are there any other reasons that workerName would need to be globally unique that I'm not seeing?
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD

Back to the top