Skip to content

Commit

Permalink
Session ID must use cryptographically strong random number generator
Browse files Browse the repository at this point in the history
  • Loading branch information
@jerrinot
jerrinot committed Oct 6, 2014
1 parent 5fb5e73 commit 6af4f9c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions hazelcast-wm/src/main/java/com/hazelcast/web/WebFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@
import com.hazelcast.core.MapEvent;
import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import com.hazelcast.util.UuidUtil;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
Expand All @@ -50,6 +49,7 @@
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Level;
Expand Down Expand Up @@ -146,7 +146,7 @@ void destroyOriginalSession(HttpSession originalSession) {
}

private static String generateSessionId() {
final String id = UuidUtil.buildRandomUuidString();
final String id = UUID.randomUUID().toString();
final StringBuilder sb = new StringBuilder("HZ");
final char[] chars = id.toCharArray();
for (final char c : chars) {
Expand Down

0 comments on commit 6af4f9c

Please sign in to comment.