'Re: svn commit: r1546621 - in /tomcat/trunk/java/org/apache/catalina/authenticator: AuthenticatorBas'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tomcat-dev
Subject:    Re: svn commit: r1546621 - in /tomcat/trunk/java/org/apache/catalina/authenticator: AuthenticatorBas
From:       Konstantin Kolinko <knst.kolinko () gmail ! com>
Date:       2013-11-29 20:21:00
Message-ID: CABzHfVkmh2Yv4L1zfkeo8GRdd80=MqVzVxf_1VNXBuFyKyoRoA () mail ! gmail ! com
[Download RAW message or body]

There is also similar code in FormAuthenticator.forwardToLoginPage().

Though if anyone really want to debug such issues, I'd recommend to
write a listener for the event sent by ManagerBase.changeSessionId().
For Tomcat 8 that would be a javax.servlet.http.HttpSessionIdListener.
 We may add one to the examples webapp.


2013/11/29  <markt@apache.org>:
> Author: markt
> Date: Fri Nov 29 18:45:09 2013
> New Revision: 1546621
> 
> URL: http://svn.apache.org/r1546621
> Log:
> Add a debug message when the session ID changes on authentication
> 
> Modified:
> tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
> tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
> 
> Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
>                 
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1546621&r1=1546620&r2=1546621&view=diff
>  ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java \
>                 (original)
> +++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Fri \
> Nov 29 18:45:09 2013 @@ -724,9 +724,17 @@ public abstract class AuthenticatorBase
> 
> if (session != null) {
> if (changeSessionIdOnAuthentication) {
> +                String oldId = null;
> +                if (log.isDebugEnabled()) {
> +                    oldId = session.getId();
> +                }
> Manager manager = request.getContext().getManager();
> manager.changeSessionId(session);
> request.changeSessionId(session.getId());
> +                if (log.isDebugEnabled()) {
> +                    log.debug(sm.getString("authenticator.changeSessionId",
> +                            oldId, session.getId()));
> +                }
> }
> } else if (alwaysUseSession) {
> session = request.getSessionInternal(true);
> 
> Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
>                 
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=1546621&r1=1546620&r2=1546621&view=diff
>  ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties \
>                 (original)
> +++ tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Fri \
> Nov 29 18:45:09 2013 @@ -14,6 +14,7 @@
> # limitations under the License.
> 
> authenticator.certificates=No client certificate chain in this request
> +authenticator.changeSessionId=Session ID changed on authentication from [{0}] to \
> [{1}] authenticator.formlogin=Invalid direct reference to form login page
> authenticator.loginFail=Login failed
> authenticator.manager=Exception initializing trust managers
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic