HttpServletRequest's getSession(boolean) method mentions session integrity. How does Tomcat maintains session i开发者_Python百科ntegrity? What rules does it use? What method? What is happening under the hood precisely?
EDIT
How and when is a specific session ID is created? Does Tomcat rely on IP address and port for example?
In Tomcat the ManagerBase.generateSessionId() method is responsible for session id generation. It looks for me that session ids are generated based on random numbers. You can store the client's IP address in the session and check it in your webapp but as far as I know Tomcat does not do that.
About session integrity: could you define it, please? There is a paragraph about it in the Java Servlet Specification, Version 3.0 but it isn't too much:
7.1.4 Session Integrity
Web containers must be able to support the HTTP session while servicing HTTP requests from clients that do not support the use of cookies. To fulfill this requirement, Web containers commonly support the URL rewriting mechanism.
This blog gives some details on Session Tracking with cookies with Tomcat.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论