#3 Duplicate Session IDs


There is a flaw in session ID generation that causes the same session ID to be created for two different clients
connected at the same time.

(One more note: Ben told me that the session ID generation is random - there is a high chance of duplicates depending
on how random seeds are initialized; it is also specific to the pseudo-random function.)

Problem description:

We have an application that creates 1 ephemeral node of the following form:
where <host:port> is specific to the node where the application runs and is retrieved using gethostbyname, and the
value of 'connected' is set to the current time (as returned by time function).

We have many applications; however, let's consider applications A and B that are connecting from 2 hosts: A from
rz502425:8080 and B from llf520108:8080.


  • Benjamin Reed

    Benjamin Reed - 2007-12-12

    Logged In: YES
    Originator: YES

    It turns out I was wrong. The session ID isn't random; it is simply a 64-bit number with the high-order bits set to System.currentTimeMillis(). The patch "[ 1848999 ] Patch for session conflicsts on leader and followers" should address this problem, but just to add a bit more detail:

    Session creation is a very common operation. It doesn't need to go through consensus and it happens with every new client connect, so being able to let each server do it independently would be optimal. The key to independent session creation is partitioning the session ID space properly. I think Patch 1848999 does it correctly: the first 8 bits partition by server id; that prevents reuse between servers. The next 32 bits use currentTimeMillis(); that prevents different instances of the same server from reusing the same 40-bit prefix. The rest of the bits are just a counter.

  • Jacob Levy

    Jacob Levy - 2007-12-12

    Logged In: YES
    Originator: NO

    I agree that partitioning by ZK server ID and then further uniquifying with currentTimeMillis() is sufficient to yield a unique session ID.
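
The layout described in the two comments above, as an added example that is not part of the thread and not the code from patch 1848999: two servers that read the same clock value hand out identical IDs when the seed is the timestamp alone, and disjoint IDs once the top 8 bits carry the server id. The class and method names, the 16-bit counter in the timestamp-only model, and the use of the low 32 bits of the clock are assumptions.

```java
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;

public class SessionIdDemo {
    static final int COUNTER_BITS = 24;   // 64 - 8 (server id) - 32 (time)
    static final int TIME_BITS = 32;

    // Timestamp-only seed: nothing distinguishes one server from another.
    // The 16-bit counter below the timestamp is an assumption for this model.
    static long timeOnlySeed(long nowMillis) {
        return nowMillis << 16;
    }

    // Partitioned seed: [8-bit server id][32-bit time][24-bit counter].
    // Taking the low 32 bits of the clock is an assumption; they wrap about every 49.7 days.
    static long partitionedSeed(int serverId, long nowMillis) {
        if (serverId < 0 || serverId > 0xFF) {
            throw new IllegalArgumentException("server id must fit in 8 bits");
        }
        long time = nowMillis & 0xFFFFFFFFL;
        return ((long) serverId << (TIME_BITS + COUNTER_BITS)) | (time << COUNTER_BITS);
    }

    // Each server hands out consecutive IDs starting from its own seed.
    static Set<Long> allocate(long seed, int sessions) {
        AtomicLong next = new AtomicLong(seed);
        Set<Long> ids = new HashSet<>();
        for (int i = 0; i < sessions; i++) {
            ids.add(next.getAndIncrement());
        }
        return ids;
    }

    // Number of session IDs that both servers issued.
    static int overlap(Set<Long> a, Set<Long> b) {
        Set<Long> common = new HashSet<>(a);
        common.retainAll(b);
        return common.size();
    }

    public static void main(String[] args) {
        long now = 1197417600000L;  // constructed clock reading shared by both servers
        int n = 1000;               // sessions created per server
        System.out.println("time-only overlap:   "
                + overlap(allocate(timeOnlySeed(now), n), allocate(timeOnlySeed(now), n)));
        System.out.println("partitioned overlap: "
                + overlap(allocate(partitionedSeed(1, now), n), allocate(partitionedSeed(2, now), n)));
    }
}
```

The guarantee depends on every server having a distinct id in the range 0 to 255. After 2^24 sessions on one instance the counter carries into the time field, so a long-lived server can run into the prefix of a later restart.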

  • Benjamin Reed

    Benjamin Reed - 2008-02-07
    • status: open --> closed-fixed
  • Benjamin Reed

    Benjamin Reed - 2008-02-07

    Logged In: YES
    Originator: YES

    Fixed with: [ 1848999 ] Patch for session conflicsts on leader and followers

