Hi Chris,
Thanks very much, this helps. I was also mistaken about the cookie. Sure
enough, on further testing, the JSESSIONID cookie appears at the same
time the session key shows up in the log, but not before.
And no, authentication is not currently in place, but will be soon,
which is why I've been going down this trail.
Thanks again,
Fred
On 6/9/2014 1:03 PM, Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Fred,
On 6/9/14, 10:59 AM, Fred Toth wrote:
I'm confused. I thought (apparently mistakenly) that there was
always a session, but I must be wrong.
There is not always a session.
For container-manager FORM-based authentication, there will always be
a session after authentication. (Actually, there will be a session
once Tomcat decides it will demand authentication, which is
technically before the authentication itself takes place). For BASIC-
and DIGEST-based authentication, a session is not necessary at all,
though common.
Sessions can also exist completely independently of authentication.
I just downloaded a fresh instance of 7.0.54 and added the %S to
the valve config. However, I don't get any session keys in the log
when I click around in the doc. But, as soon as I click on the
manager or status links, I get the key.
Before authentication, there is no need for a session, so you don't
get the session id in the log. Once authenticated, the manager webapp
uses a session and therefore you'll get the session id.
So I guess there's a key available only when code creates a
session? And not all the time, even though (I think) there's a
session cookie all the time?
There is only a session cookie when there is a session. Cookies are
used for other things, too. You said "there is a cookie in my browser"
when you still can't see the session id in your logs. What cookie is it?
I'd appreciate any clarification on this.
If you are using request.getSession() and its returning non-null, then
you should be able to get %S to spit-out the session id. It has worked
for me for years.
Do you have any strange authentication in place?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJTlejNAAoJEBzwKT+lPKRYZCkP/jWSd1EkNvYvzD5YO5SMT7Qa
wpYKJThHsifuAmuEejWHo/i4x0zozW4i4J/gpLJ8+Nv9K4wFAN6rMdbelAeYSQY4
RXUv44BZRPU/MLqZmt4SJcc7gw8PKbkklgPd8n6q4QXOKWuPPpnwYk+cvAbfCaqu
XZ5Be7Rt/XG08GvN8LCgCyDTqIq/Yp382Y+iZopPKb37U5IvE9uMhgE6hzo48Lg/
ykybJTUoEfMD5cSIqugoRSSZJbHXFiUcKlEVNQCrX4YiSxXCzwt8Q09rq0d013d7
svzRdTEr68LjsnSeKgDuIFdQYNs35PECxvPatwAvDCLn3VLaZrEN8SsV/KTKpNGQ
VZGQk7+9TL2QctskgnPhQ8atwzmCThutOusIVnPlUyBKdQx5RmT3yagSle0LL8gM
Hj1rymI1aUtX0LfDc+4VrYplCDQl1MjjYREkko58UlATXLSUL973MLrDzyxxcMKz
YLbi5l6WC5FcX1T63dsCPNdHReYt1HtN8wv0Gv9C/Hh2fEv1QjbjubHA86VGjBBF
tQk1j50G41KzJOQSyY88gRLXgDUJabcfdB/6f/wcYaAU8QI4iOU32O0NqlKehfi3
i2WQypRBtjCft3B41grRwiFG/rINRXHf37B7Zj4kfDOq/NhEjiDrJfUorzklr6v4
wSCXC/w9z9fTs1RHdc/N
=dpQS
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
