-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Fred,
On 6/9/14, 10:59 AM, Fred Toth wrote: > I'm confused. I thought (apparently mistakenly) that there was > always a session, but I must be wrong. There is not always a session. For container-manager FORM-based authentication, there will always be a session after authentication. (Actually, there will be a session once Tomcat decides it will demand authentication, which is technically before the authentication itself takes place). For BASIC- and DIGEST-based authentication, a session is not necessary at all, though common. Sessions can also exist completely independently of authentication. > I just downloaded a fresh instance of 7.0.54 and added the %S to > the valve config. However, I don't get any session keys in the log > when I click around in the doc. But, as soon as I click on the > manager or status links, I get the key. Before authentication, there is no need for a session, so you don't get the session id in the log. Once authenticated, the manager webapp uses a session and therefore you'll get the session id. > So I guess there's a key available only when code creates a > session? And not all the time, even though (I think) there's a > session cookie all the time? There is only a session cookie when there is a session. Cookies are used for other things, too. You said "there is a cookie in my browser" when you still can't see the session id in your logs. What cookie is it? > I'd appreciate any clarification on this. If you are using request.getSession() and its returning non-null, then you should be able to get %S to spit-out the session id. It has worked for me for years. Do you have any strange authentication in place? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTlejNAAoJEBzwKT+lPKRYZCkP/jWSd1EkNvYvzD5YO5SMT7Qa wpYKJThHsifuAmuEejWHo/i4x0zozW4i4J/gpLJ8+Nv9K4wFAN6rMdbelAeYSQY4 RXUv44BZRPU/MLqZmt4SJcc7gw8PKbkklgPd8n6q4QXOKWuPPpnwYk+cvAbfCaqu XZ5Be7Rt/XG08GvN8LCgCyDTqIq/Yp382Y+iZopPKb37U5IvE9uMhgE6hzo48Lg/ ykybJTUoEfMD5cSIqugoRSSZJbHXFiUcKlEVNQCrX4YiSxXCzwt8Q09rq0d013d7 svzRdTEr68LjsnSeKgDuIFdQYNs35PECxvPatwAvDCLn3VLaZrEN8SsV/KTKpNGQ VZGQk7+9TL2QctskgnPhQ8atwzmCThutOusIVnPlUyBKdQx5RmT3yagSle0LL8gM Hj1rymI1aUtX0LfDc+4VrYplCDQl1MjjYREkko58UlATXLSUL973MLrDzyxxcMKz YLbi5l6WC5FcX1T63dsCPNdHReYt1HtN8wv0Gv9C/Hh2fEv1QjbjubHA86VGjBBF tQk1j50G41KzJOQSyY88gRLXgDUJabcfdB/6f/wcYaAU8QI4iOU32O0NqlKehfi3 i2WQypRBtjCft3B41grRwiFG/rINRXHf37B7Zj4kfDOq/NhEjiDrJfUorzklr6v4 wSCXC/w9z9fTs1RHdc/N =dpQS -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
