spring-framework/spring-websocket
Brian Clozel 8cd2c40860 Improve random source in SockJS server support
Prior to this commit, the SockJS server support would use
`java.util.Random` to send a random value to clients when they request
the `/info` endpoint. Per protocol, clients can use this value as a
source of entropy for generating a random session id.

In practice, this is not used by clients. For example, the SockJS
JavaScript client is using a cryptographically safe API to generate
session ids.

While this has no concrete effect on known clients, this commit improves
the random source in the server support by switching to
`java.security.SecureRandom`.

Closes gh-33632
2024-10-01 21:29:19 +02:00