Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson
I work on Spring Boot which uses Tomcat (or Jetty or Undertow) as an embedded servlet container. We've seen a number of complaints from users that their application hangs during startup, most often on a newly booted VPS. The root cause is a lack of entropy which causes Tomcat's use of SecureRandom

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson
On Thu, Jun 16, 2016 at 10:21 AM, Rémy Maucherat wrote:

> -1, I am against fake improvements.

Do you consider the improvement for applications that do not use HTTP sessions at all to also be fake?

Andy

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson
On Thu, Jun 16, 2016 at 10:23 AM, Romain Manni-Bucau wrote:

> @Andy: you can use FastNonSecureRandom to disable it, should be enough for applications not using the session

Thanks for the suggestion. That's certainly an option, but it requires some configuration that I'd like to be unnecessar

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson
On Thu, Jun 16, 2016 at 10:52 AM, Rémy Maucherat wrote:

> You're basically asking for all products to behave the same because it would be nicer for your own product.

I can assure you I'm not. I simply wanted to explore the possibility of Tomcat behaving the same way. I didn't want to prescribe

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson
On Thu, Jun 16, 2016 at 12:42 PM, Mark Thomas wrote:

> What if Boot created a custom ID generator by extending StandardSessionIdGenerator and overriding startInternal() so it sets the state but doesn't call getSessionId() ?
>
> That should only be a few lines of code for the custom generator

Re: Avoid use of SecureRandom during server startup

2016-06-16 Thread Andy Wilkinson
On Thu, Jun 16, 2016 at 1:03 PM, Mark Thomas wrote:

> So, while I can't guarantee the signature isn't going to change, I can say I am reasonably sure it won't change.

Good enough for me. Thanks, Mark.

Andy