Increase the complexity of jsessionId

Ranch Hand
Posts: 104
Hi All,
For some security reasons I want to increase the complexity of the jsessionid created in Tomcat. I would like to create a stronger session id with capitals, lowercase letters, numbers and punctuation marks for higher security. Is it possible to do? Does Tomcat allow such customization?

Regards,
Surya
Author and all-around good cowpoke
Posts: 13078
This requirement makes no sense to me. Session ids are generated automatically by the servlet container and are guaranteed to be unique.

Any conceivable security attack would involve grabbing the session ID in transit; the complexity would make no difference.

What kind of security concerns are you most worried about? The answer might get you more useful suggestions.

Bill
Saloon Keeper
Posts: 28661
You could always hack the source code. But unless you have formal training in cryptology, I'd be very careful about "improving" their algorithm. Most "clever" amateur security schemes have basic fatal flaws in them. The industry-standard algorithms have all been mathematically vetted by pros. And even then occasionally a loophole gets discovered.

According to my estimate, the likelihood of anyone randomly constructing a sessionid identical to the one that JavaRanch is using for me is 37**32, which may not be a googol (sic), but it's close enough for all intents and purposes that given current CPU and network speeds, no one is likely to randomly hit on it in time to do any good (or harm).

Of far more import is whether or not you hide the sessionid by using https (encrypted) connections.
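As an added example (not from any poster in this thread), this is the knob Tomcat actually exposes for the question asked above: the Manager element in a web application's META-INF/context.xml takes a sessionIdLength attribute measured in random bytes before hex encoding (Tomcat 7; Tomcat 8 and later move it to a nested SessionIdGenerator element), so the way to get a "stronger" id is more random bytes, not a different character set. The value 32 below is an illustrative choice, and attribute names should be checked against the Manager documentation for your Tomcat version.

```xml
<!-- META-INF/context.xml of the web application (added example, not from the thread) -->
<Context>
  <!-- Tomcat 7: sessionIdLength is the number of random bytes drawn from
       SecureRandom BEFORE hex encoding. The default of 16 bytes yields
       32 hex characters = 128 bits of entropy; 32 bytes yields 64 hex
       characters = 256 bits. The output alphabet is fixed (hex), and adding
       upper-case letters or punctuation would not add entropy by itself;
       the byte count is what does. -->
  <Manager sessionIdLength="32" />

  <!-- Tomcat 8 and later: the same setting lives on a nested element:
       <Manager>
         <SessionIdGenerator sessionIdLength="32" />
       </Manager>
       In both cases the id is only as safe as its transport: serve the
       application over HTTPS and mark the session cookie Secure and
       HttpOnly (session-config/cookie-config in web.xml on Servlet 3.0+),
       which is the point Tim makes above about hiding the id in transit. -->
</Context>
```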