On 16/06/2016 11:11, Andy Wilkinson wrote: > I would be quite happy if Tomcat made it easy for an embedder to configure > it in such a way that the use of SecureRandom during startup could be > disabled. Spring Boot could enable this option by default thereby allowing > users, without them configuring anything, to only pay to cost of session ID > generation if their application actually generates a session ID.
What if Boot created a custom ID generator by extending StandardSessionIdGenerator and overriding startInternal() so it sets the state but doesn't call getSessionId() ? That should only be a few lines of code for the custom generator and a few lines more to set it on the Manager. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
