Pid,

On 10/15/2010 12:19 PM, Pid wrote:
> On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
>> I'll inject code using an agent. 
>>
>> The thing is that I need to know for sure the message entering point on
>> Tomcat, and the leaving point also, so I can be able to sniff if the client's
>> message has the Cookie info with JSESSIONID= or not, and before sending to
>> check if Tomcat sent Set-Cookie on header so I can make the change needed.
> 
> Why?  What does the code do that can't be done via a Servlet Filter?

You can't intercept the JSESSIONID in the following scenario:

1. User requests protected resource
2. Tomcat creates HttpSession, replies with Set-Cookie and FORM login page
3. User authenticates
4. User is forwarded/redirected to originally-requested resource from #1

Until step #4, no webapp-defined filter will run :(

This can be done with a Valve, but I'm not exactly sure how to insert a
Valve before the authentication valve, which is (I think) what you'd
have to do.

-chris
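
The Valve approach mentioned above, as an added example that is not part of the original message or of Tomcat's own code: a valve that records whether the client presented a session cookie and audits the flags on any session cookie Tomcat sets, including during the FORM login steps where no webapp filter runs. Assumptions: Tomcat 9 (`javax.servlet`; use `jakarta.servlet` on Tomcat 10+), the default cookie name `JSESSIONID`, and a hypothetical class name `example.valves.SessionCookieAuditValve`.

```java
package example.valves; // hypothetical package, not part of Tomcat

import java.io.IOException;
import java.util.Locale;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

public class SessionCookieAuditValve extends ValveBase {
    private static final Log log = LogFactory.getLog(SessionCookieAuditValve.class);
    private static final String NAME = "JSESSIONID"; // assumed default cookie name

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Entry point: did the client send a session cookie with this request?
        boolean presented = false;
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (NAME.equals(c.getName())) {
                    presented = true;
                    break;
                }
            }
        }

        // Hand off to the rest of the pipeline (authenticator, filters, servlet).
        getNext().invoke(request, response);

        // Exit point: inspect any session cookie set while handling the request.
        // Only the flags are logged, never the session ID value.
        for (String header : response.getHeaders("Set-Cookie")) {
            if (!header.startsWith(NAME + "=")) {
                continue;
            }
            String attrs = header.toLowerCase(Locale.ROOT);
            boolean httpOnly = attrs.contains("; httponly");
            boolean secure = attrs.contains("; secure");
            log.info(request.getMethod() + " " + request.getRequestURI()
                    + " clientSentSessionCookie=" + presented
                    + " setCookie=" + NAME
                    + " httpOnly=" + httpOnly + " secure=" + secure);
        }
    }
}
```

Declaring the valve as a `<Valve className="example.valves.SessionCookieAuditValve"/>` child of the `<Host>` element in `server.xml` places it in the Host pipeline, which is processed before the Context pipeline that holds the authenticator; the class must then be on Tomcat's own class path (for example a JAR in `$CATALINA_BASE/lib`).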
