Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The HashSessionIdManager class by default will use the random number generator. It uses the operating system's source to provide entropy. If your machine is very tranquil, then there may not be enough entropy to drive the random number generator and hence the operating system waits for more interrupts, disk IO, network traffic or whatever is used to generate the entropy.

One An INSECURE solution, apart from loading the machine more (smile), is to replace the SecureRandom with the java.util.Random generator instead. Add the following lines to your jetty.xml file:

Code Block
<Set name="sessionIdManager">
  <New class="org.mortbay.jetty.servlet.HashSessionIdManager">
      <New class="java.util.Random"/>
    <Set name="workerName">node1</Set>

Session IDs generated by Random may be able to be predicted, thus it is not recommended to use Random in production.

Contact the core Jetty developers at
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery