On 2024/09/23 03:28:06 Igal Sapir wrote:
> Hello,
>
> The current implementation of getRequestId() is optimized for speed and
> generates IDs that are unique to a running instance of Tomcat.
>
> But most server configurations nowadays require uniqueness across the whole
> system, and currently we do not offer that as:
>
> 1. Request IDs are only unique to a running Tomcat instance
>
> 2. Request IDs are reset to 0 each time Tomcat is restarted
>
> 3. Request IDs are sometimes generated by another system like a load
> balancer or reverse proxy, and passed around via the HTTP header
> "X-Request-Id"
>
> I want to propose a patch that would:
>
> 1. Check for HTTP header "X-Request-Id" and if valid (e.g. does not attempt
> SQL or XSS injection etc.) returns it
that would be very helpful for such a usecase:
> RequestHeader set Correlation-Id "%{UNIQUE_ID}e"
> Header always set Correlation-Id "%{UNIQUE_ID}e"
with mod_unique_id.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
