On Thu, Jun 16, 2016 at 10:52 AM, Rémy Maucherat <r...@apache.org> wrote:
> You're basically asking for all products to
> behave the same because it would be nicer for your own product.


I can assure you I'm not. I simply wanted to explore the possibility of
Tomcat behaving the same way. I didn't want to prescribe a solution but you
appear to have assumed that I want to change Tomcat's default behaviour for
everyone. That's not the case.

I would be quite happy if Tomcat made it easy for an embedder to configure
it in such a way that the use of SecureRandom during startup could be
disabled. Spring Boot could enable this option by default thereby allowing
users, without them configuring anything, to only pay the cost of session ID
generation if their application actually generates a session ID.

> That's fine, but choice is good.

Indeed it is. That's why I'd like a choice to defer the use of SecureRandom
until it's actually needed.

Andy
