[prev in list] [next in list] [prev in thread] [next in thread]
List: tomcat-dev
Subject: Re: svn commit: r1546621 - in /tomcat/trunk/java/org/apache/catalina/authenticator: AuthenticatorBas
From: Konstantin Kolinko <knst.kolinko () gmail ! com>
Date: 2013-11-29 20:21:00
Message-ID: CABzHfVkmh2Yv4L1zfkeo8GRdd80=MqVzVxf_1VNXBuFyKyoRoA () mail ! gmail ! com
[Download RAW message or body]
There is also similar code in FormAuthenticator.forwardToLoginPage().
Though if anyone really want to debug such issues, I'd recommend to
write a listener for the event sent by ManagerBase.changeSessionId().
For Tomcat 8 that would be a javax.servlet.http.HttpSessionIdListener.
We may add one to the examples webapp.
2013/11/29 <markt@apache.org>:
> Author: markt
> Date: Fri Nov 29 18:45:09 2013
> New Revision: 1546621
>
> URL: http://svn.apache.org/r1546621
> Log:
> Add a debug message when the session ID changes on authentication
>
> Modified:
> tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
> tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
>
> Modified: tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java
>
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1546621&r1=1546620&r2=1546621&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java \
> (original)
> +++ tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java Fri \
> Nov 29 18:45:09 2013 @@ -724,9 +724,17 @@ public abstract class AuthenticatorBase
>
> if (session != null) {
> if (changeSessionIdOnAuthentication) {
> + String oldId = null;
> + if (log.isDebugEnabled()) {
> + oldId = session.getId();
> + }
> Manager manager = request.getContext().getManager();
> manager.changeSessionId(session);
> request.changeSessionId(session.getId());
> + if (log.isDebugEnabled()) {
> + log.debug(sm.getString("authenticator.changeSessionId",
> + oldId, session.getId()));
> + }
> }
> } else if (alwaysUseSession) {
> session = request.getSessionInternal(true);
>
> Modified: tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties
>
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=1546621&r1=1546620&r2=1546621&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties \
> (original)
> +++ tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties Fri \
> Nov 29 18:45:09 2013 @@ -14,6 +14,7 @@
> # limitations under the License.
>
> authenticator.certificates=No client certificate chain in this request
> +authenticator.changeSessionId=Session ID changed on authentication from [{0}] to \
> [{1}] authenticator.formlogin=Invalid direct reference to form login page
> authenticator.loginFail=Login failed
> authenticator.manager=Exception initializing trust managers
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic