Helo,
[snip]
The application uses a session concept. The user starts with a login page (a servlet) which do some initial stuff. Then, when she entered her name and password the request is send to the menu (JSP) which uses a session bean what does the login. Now she starts working on many JSPs and servlets... finally the logout page (servlet) is called to cleanup all beans and remove them from session context. So, that's what it does.
Now what I want to do:
The login page does not know any about the user who is visiting it (and don't need to). All logging requests until the session bean successfully left the login should be directed to one file. So it is quiet easy to analyze the login process. To keep apart multiple requests at the same time from different clients, the HTTP session id should be logged.
All user action between login and logout are to be directed to a separate file (one for each user and each session). The bulk of files are structured by creating sub directories for each user.
My attempt was to use MDC to put some properties (HTTP session id and user id) on the thread that executes the current request. I wrote my own appender that holds a hash table with file appenders associated by combination of session and user id. Depending on the mentioned properties my appender gets the file appender from the hash and redirects the logging event to it. All was fine until I noticed that the servlet container (I was using tomact 3.3.1a - but WebLogic, WebSphere and JBoss has to be supported too) reuses the threads. Due to the fact that I didn't remove the user id from the thread after the request finished, the request of another client which has not yet logged in uses the same thread and logs with the wrong user id.
Now I guess, if I want to use MDC for this issue I have to put and remove the properties (session and user id) in each and every JSP and servlet (about three dozens)? Is there now simpler way? I think this is some error-prone, if I forget to remove the properties...
I already thought about javax.servlet.Filter, but this is first available since Servelt API 2.3. I have to support 2.2. Another thought was to have my own "Filter" by implementing a servlet which proxies all request and do the MDC.put and MDC.remove at its request handling... But isn't this somewhat disproportionate - "just for logging" ???
Filters are a good bet. Basically any interceptor that is invoked before the servlet begins handling an incoming request and is also invoked when the servlet completes its work, is appropriate.
If filters are not available, any interception mechanism can do just as well. Tomcat valves, JBoss interceptors, Struts plug-ins are all possible candidates.
I hope that I was doing the wrong way so far, and anyone out there has an ingenious idea to do session logging with log4j. Otherwise it is really hard to do this with log4j, I think.
It's not really a log4j problem but rather one of request interception.
Thanks and best regards Stefan
-- Ceki Gülcü
For log4j documentation consider "The complete log4j manual"
ISBN: 2970036908 http://www.qos.ch/shop/products/clm_t.jsp
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
