jsessionid length and force

fuligj.fuligj.indamail.hu Sep 21, 2008 12:21 PM

Hi!

I would like to know where can I configure the JSESSIONID's length and force.

Thank You!

1. Re: jsessionid length and force

sjmenden Sep 21, 2008 9:16 PM (in response to fuligj.fuligj.indamail.hu)

Not possible unless you were to recompile Tomcat, why would you need to configure the length?
Actions
2. Re: jsessionid length and force

fuligj.fuligj.indamail.hu Sep 22, 2008 3:04 PM (in response to fuligj.fuligj.indamail.hu)

Thank You for reply!

I would like to config a stronger session id with capitals,lowercases,numbers and punctuation marks for the higher security. Is this unnecessary?
Actions
3. Re: jsessionid length and force

sjmenden Sep 25, 2008 10:39 PM (in response to fuligj.fuligj.indamail.hu)

Length should be sufficient, I haven't seen any issues with security concerns over the actual JSESSIONID content wise, since it has a length of 32 characters, that should be plenty.
Actions