You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Fred Toth <ft...@synernet.com> on 2014/06/08 22:00:48 UTC
Adding user session id to access log with %S doesn't work?
Hi,
This feature is in the doc since at least tomcat 5. I'm using tomcat
7.0.47 and I just tried to add the user session id to the access log by
adding "%S" to the pattern attribute. However, it's not working. All I'm
getting is "-" in the log.
Is there some trick to this? I haven't found anything online or in
bugzilla. Also posted to stack overflow:
http://stackoverflow.com/questions/24110188/cant-configure-tomcat-access-log-session-id-with-s
Thanks,
Fred
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by Mark Thomas <ma...@apache.org>.
On 09/06/2014 10:59, André Warnier wrote:
> Mark Thomas wrote:
>> On 09/06/2014 01:41, Fred Toth wrote:
>>> Hi Dan,
>>>
>>> Yes, the rest of the log is correct, and yes, I am certain I have an
>>> active session (I can see the cookie in my browser).
>>
>> Then something is messed up in your configuration. I've just checked
>> this works and it does. You'll need to provide your full server.xml
>> (comments removed please). Replace any passwords with "***" or similar.
>>
>
> Does the fact of having a session necessarily imply that the
> corresponding user is authenticated ?
No.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by André Warnier <aw...@ice-sa.com>.
Mark Thomas wrote:
> On 09/06/2014 01:41, Fred Toth wrote:
>> Hi Dan,
>>
>> Yes, the rest of the log is correct, and yes, I am certain I have an
>> active session (I can see the cookie in my browser).
>
> Then something is messed up in your configuration. I've just checked
> this works and it does. You'll need to provide your full server.xml
> (comments removed please). Replace and passwords with "***" or similar.
>
Does the fact of having a session necessarily imply that the corresponding user is
authenticated ?
> Marl
>
>
>> Thanks,
>> Fred
>>
>> On 6/8/2014 4:30 PM, Daniel Mikusa wrote:
>>> On Jun 8, 2014 4:01 PM, "Fred Toth" <ft...@synernet.com> wrote:
>>>> Hi,
>>>>
>>>> This feature is in the doc since at least tomcat 5. I'm using tomcat
>>> 7.0.47 and I just tried to add the user session id to the access log by
>>> adding "%S" to the pattern attribute. However, it's not working. All I'm
>>> getting is "-" in the log.
>>>
>>> Have to ask, but are you sure that the request has an active session?
>>> Usually when you see "-" it means the value is absent for that request.
>>>
>>>> Is there some trick to this? I haven't found anything online or in
>>> bugzilla. Also posted to stack overflow:
>>>
>>> Not aware of any tricks. AccessLogValve is pretty straightforward. Is
>>> the
>>> rest of the log record correct?
>>>
>>> Dan
>>>
>>> http://stackoverflow.com/questions/24110188/cant-configure-tomcat-access-log-session-id-with-s
>>>
>>>> Thanks,
>>>> Fred
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by Fred Toth <ft...@synernet.com>.
Hi Chris,
Thanks very much, this helps. I was also mistaken about the cookie. Sure
enough, on further testing, the JSESSIONID cookie appears at the same
time the session key shows up in the log, but not before.
And no, authentication is not currently in place, but will be soon,
which is why I've been going down this trail.
Thanks again,
Fred
On 6/9/2014 1:03 PM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Fred,
>
> On 6/9/14, 10:59 AM, Fred Toth wrote:
>> I'm confused. I thought (apparently mistakenly) that there was
>> always a session, but I must be wrong.
> There is not always a session.
>
> For container-manager FORM-based authentication, there will always be
> a session after authentication. (Actually, there will be a session
> once Tomcat decides it will demand authentication, which is
> technically before the authentication itself takes place). For BASIC-
> and DIGEST-based authentication, a session is not necessary at all,
> though common.
>
> Sessions can also exist completely independently of authentication.
>
>> I just downloaded a fresh instance of 7.0.54 and added the %S to
>> the valve config. However, I don't get any session keys in the log
>> when I click around in the doc. But, as soon as I click on the
>> manager or status links, I get the key.
> Before authentication, there is no need for a session, so you don't
> get the session id in the log. Once authenticated, the manager webapp
> uses a session and therefore you'll get the session id.
>
>> So I guess there's a key available only when code creates a
>> session? And not all the time, even though (I think) there's a
>> session cookie all the time?
> There is only a session cookie when there is a session. Cookies are
> used for other things, too. You said "there is a cookie in my browser"
> when you still can't see the session id in your logs. What cookie is it?
>
>> I'd appreciate any clarification on this.
> If you are using request.getSession() and its returning non-null, then
> you should be able to get %S to spit-out the session id. It has worked
> for me for years.
>
> Do you have any strange authentication in place?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJTlejNAAoJEBzwKT+lPKRYZCkP/jWSd1EkNvYvzD5YO5SMT7Qa
> wpYKJThHsifuAmuEejWHo/i4x0zozW4i4J/gpLJ8+Nv9K4wFAN6rMdbelAeYSQY4
> RXUv44BZRPU/MLqZmt4SJcc7gw8PKbkklgPd8n6q4QXOKWuPPpnwYk+cvAbfCaqu
> XZ5Be7Rt/XG08GvN8LCgCyDTqIq/Yp382Y+iZopPKb37U5IvE9uMhgE6hzo48Lg/
> ykybJTUoEfMD5cSIqugoRSSZJbHXFiUcKlEVNQCrX4YiSxXCzwt8Q09rq0d013d7
> svzRdTEr68LjsnSeKgDuIFdQYNs35PECxvPatwAvDCLn3VLaZrEN8SsV/KTKpNGQ
> VZGQk7+9TL2QctskgnPhQ8atwzmCThutOusIVnPlUyBKdQx5RmT3yagSle0LL8gM
> Hj1rymI1aUtX0LfDc+4VrYplCDQl1MjjYREkko58UlATXLSUL973MLrDzyxxcMKz
> YLbi5l6WC5FcX1T63dsCPNdHReYt1HtN8wv0Gv9C/Hh2fEv1QjbjubHA86VGjBBF
> tQk1j50G41KzJOQSyY88gRLXgDUJabcfdB/6f/wcYaAU8QI4iOU32O0NqlKehfi3
> i2WQypRBtjCft3B41grRwiFG/rINRXHf37B7Zj4kfDOq/NhEjiDrJfUorzklr6v4
> wSCXC/w9z9fTs1RHdc/N
> =dpQS
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Fred,
On 6/9/14, 10:59 AM, Fred Toth wrote:
> I'm confused. I thought (apparently mistakenly) that there was
> always a session, but I must be wrong.
There is not always a session.
For container-manager FORM-based authentication, there will always be
a session after authentication. (Actually, there will be a session
once Tomcat decides it will demand authentication, which is
technically before the authentication itself takes place). For BASIC-
and DIGEST-based authentication, a session is not necessary at all,
though common.
Sessions can also exist completely independently of authentication.
> I just downloaded a fresh instance of 7.0.54 and added the %S to
> the valve config. However, I don't get any session keys in the log
> when I click around in the doc. But, as soon as I click on the
> manager or status links, I get the key.
Before authentication, there is no need for a session, so you don't
get the session id in the log. Once authenticated, the manager webapp
uses a session and therefore you'll get the session id.
> So I guess there's a key available only when code creates a
> session? And not all the time, even though (I think) there's a
> session cookie all the time?
There is only a session cookie when there is a session. Cookies are
used for other things, too. You said "there is a cookie in my browser"
when you still can't see the session id in your logs. What cookie is it?
> I'd appreciate any clarification on this.
If you are using request.getSession() and its returning non-null, then
you should be able to get %S to spit-out the session id. It has worked
for me for years.
Do you have any strange authentication in place?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJTlejNAAoJEBzwKT+lPKRYZCkP/jWSd1EkNvYvzD5YO5SMT7Qa
wpYKJThHsifuAmuEejWHo/i4x0zozW4i4J/gpLJ8+Nv9K4wFAN6rMdbelAeYSQY4
RXUv44BZRPU/MLqZmt4SJcc7gw8PKbkklgPd8n6q4QXOKWuPPpnwYk+cvAbfCaqu
XZ5Be7Rt/XG08GvN8LCgCyDTqIq/Yp382Y+iZopPKb37U5IvE9uMhgE6hzo48Lg/
ykybJTUoEfMD5cSIqugoRSSZJbHXFiUcKlEVNQCrX4YiSxXCzwt8Q09rq0d013d7
svzRdTEr68LjsnSeKgDuIFdQYNs35PECxvPatwAvDCLn3VLaZrEN8SsV/KTKpNGQ
VZGQk7+9TL2QctskgnPhQ8atwzmCThutOusIVnPlUyBKdQx5RmT3yagSle0LL8gM
Hj1rymI1aUtX0LfDc+4VrYplCDQl1MjjYREkko58UlATXLSUL973MLrDzyxxcMKz
YLbi5l6WC5FcX1T63dsCPNdHReYt1HtN8wv0Gv9C/Hh2fEv1QjbjubHA86VGjBBF
tQk1j50G41KzJOQSyY88gRLXgDUJabcfdB/6f/wcYaAU8QI4iOU32O0NqlKehfi3
i2WQypRBtjCft3B41grRwiFG/rINRXHf37B7Zj4kfDOq/NhEjiDrJfUorzklr6v4
wSCXC/w9z9fTs1RHdc/N
=dpQS
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by Fred Toth <ft...@synernet.com>.
Hi again,
I'm confused. I thought (apparently mistakenly) that there was always a
session, but I must be wrong.
I just downloaded a fresh instance of 7.0.54 and added the %S to the
valve config. However, I don't get any session keys in the log when I
click around in the doc. But, as soon as I click on the manager or
status links, I get the key.
So I guess there's a key available only when code creates a session? And
not all the time, even though (I think) there's a session cookie all the
time?
I'd appreciate any clarification on this.
Thanks,
Fred
On 6/9/2014 4:58 AM, Mark Thomas wrote:
> On 09/06/2014 01:41, Fred Toth wrote:
>> Hi Dan,
>>
>> Yes, the rest of the log is correct, and yes, I am certain I have an
>> active session (I can see the cookie in my browser).
> Then something is messed up in your configuration. I've just checked
> this works and it does. You'll need to provide your full server.xml
> (comments removed please). Replace and passwords with "***" or similar.
>
> Marl
>
>
>> Thanks,
>> Fred
>>
>> On 6/8/2014 4:30 PM, Daniel Mikusa wrote:
>>> On Jun 8, 2014 4:01 PM, "Fred Toth" <ft...@synernet.com> wrote:
>>>> Hi,
>>>>
>>>> This feature is in the doc since at least tomcat 5. I'm using tomcat
>>> 7.0.47 and I just tried to add the user session id to the access log by
>>> adding "%S" to the pattern attribute. However, it's not working. All I'm
>>> getting is "-" in the log.
>>>
>>> Have to ask, but are you sure that the request has an active session?
>>> Usually when you see "-" it means the value is absent for that request.
>>>
>>>> Is there some trick to this? I haven't found anything online or in
>>> bugzilla. Also posted to stack overflow:
>>>
>>> Not aware of any tricks. AccessLogValve is pretty straightforward. Is
>>> the
>>> rest of the log record correct?
>>>
>>> Dan
>>>
>>> http://stackoverflow.com/questions/24110188/cant-configure-tomcat-access-log-session-id-with-s
>>>
>>>> Thanks,
>>>> Fred
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by Mark Thomas <ma...@apache.org>.
On 09/06/2014 01:41, Fred Toth wrote:
> Hi Dan,
>
> Yes, the rest of the log is correct, and yes, I am certain I have an
> active session (I can see the cookie in my browser).
Then something is messed up in your configuration. I've just checked
this works and it does. You'll need to provide your full server.xml
(comments removed please). Replace and passwords with "***" or similar.
Marl
>
> Thanks,
> Fred
>
> On 6/8/2014 4:30 PM, Daniel Mikusa wrote:
>> On Jun 8, 2014 4:01 PM, "Fred Toth" <ft...@synernet.com> wrote:
>>> Hi,
>>>
>>> This feature is in the doc since at least tomcat 5. I'm using tomcat
>> 7.0.47 and I just tried to add the user session id to the access log by
>> adding "%S" to the pattern attribute. However, it's not working. All I'm
>> getting is "-" in the log.
>>
>> Have to ask, but are you sure that the request has an active session?
>> Usually when you see "-" it means the value is absent for that request.
>>
>>> Is there some trick to this? I haven't found anything online or in
>> bugzilla. Also posted to stack overflow:
>>
>> Not aware of any tricks. AccessLogValve is pretty straightforward. Is
>> the
>> rest of the log record correct?
>>
>> Dan
>>
>>>
>> http://stackoverflow.com/questions/24110188/cant-configure-tomcat-access-log-session-id-with-s
>>
>>> Thanks,
>>> Fred
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by Fred Toth <ft...@synernet.com>.
Hi Dan,
Yes, the rest of the log is correct, and yes, I am certain I have an
active session (I can see the cookie in my browser).
Thanks,
Fred
On 6/8/2014 4:30 PM, Daniel Mikusa wrote:
> On Jun 8, 2014 4:01 PM, "Fred Toth" <ft...@synernet.com> wrote:
>> Hi,
>>
>> This feature is in the doc since at least tomcat 5. I'm using tomcat
> 7.0.47 and I just tried to add the user session id to the access log by
> adding "%S" to the pattern attribute. However, it's not working. All I'm
> getting is "-" in the log.
>
> Have to ask, but are you sure that the request has an active session?
> Usually when you see "-" it means the value is absent for that request.
>
>> Is there some trick to this? I haven't found anything online or in
> bugzilla. Also posted to stack overflow:
>
> Not aware of any tricks. AccessLogValve is pretty straightforward. Is the
> rest of the log record correct?
>
> Dan
>
>>
> http://stackoverflow.com/questions/24110188/cant-configure-tomcat-access-log-session-id-with-s
>> Thanks,
>> Fred
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding user session id to access log with %S doesn't work?
Posted by Daniel Mikusa <dm...@gopivotal.com>.
On Jun 8, 2014 4:01 PM, "Fred Toth" <ft...@synernet.com> wrote:
>
> Hi,
>
> This feature is in the doc since at least tomcat 5. I'm using tomcat
7.0.47 and I just tried to add the user session id to the access log by
adding "%S" to the pattern attribute. However, it's not working. All I'm
getting is "-" in the log.
Have to ask, but are you sure that the request has an active session?
Usually when you see "-" it means the value is absent for that request.
>
> Is there some trick to this? I haven't found anything online or in
bugzilla. Also posted to stack overflow:
Not aware of any tricks. AccessLogValve is pretty straightforward. Is the
rest of the log record correct?
Dan
>
>
http://stackoverflow.com/questions/24110188/cant-configure-tomcat-access-log-session-id-with-s
>
> Thanks,
> Fred
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>