Re: logging http session identifying information
I'm currently tackling this challenge.
In using the CookieMDCFilter, the JSESSIONID that gets logged is very hard
to decipher. meaning, I'm not always getting a JSESSIONID logged, and
sometimes, i seem to have stale JSESSIONID logged. I'm not quite up to par
on the JSESSIONID lifecycle, but will get it soon.
For instance, i get a logging message:
11:01:43,147 ERROR 86985045A03DC9301A6B05C9B0E5AA7C NextLogger : NextLogger
- logging
i close the browser window (IE) and reopen a new window, and execute the
servlet, i see:
11:02:17,178 ERROR 86985045A03DC9301A6B05C9B0E5AA7C NextLogger : NextLogger
- logging
the session id I see has not changed, though i would think the browser uses
a different session id per session... Using mozilla, I even close out all
instances of mozilla, start a new mozilla instance, when i hit the servlet i
still see:
11:06:19,987 ERROR 86985045A03DC9301A6B05C9B0E5AA7C NextLogger : NextLogger
- logging
very strange.. this is the id from IE. maybe this has something to do with
the fact that it isn't cleaning out the MDC (at all) and doesn't clear its
own map until the destroy method. Next, I modified the CookieMDCLogger to do
a little cleanup like so:
// pass control to the next filter
try {
chain.doFilter(request, response);
} finally {
// clean up the MDC.
if (cookieMap != null)
{
for (Iterator iter = cookieMap.entrySet().iterator();iter.hasNext();)
{
Map.Entry element = (Map.Entry) iter.next();
String key = (String) element.getKey();
MDC.remove( key );
if (LOG.isDebugEnabled()) { LOG.debug( remove from MDC with name + key
);}
}
}
}
Please let me know if you see any issues with the clean up, but it seems to
tidy things up a bit. There's still problems with this in that I don't
always get a JSESSIONID logged.
Some general questions. Should the server side session (HttpSession.getId())
match the cookie session id? Which would be more reliable, the server side,
or the client side, or both? Any comments on this would be most appreciated.
I'll have to continue testing this out...
On 5/18/05, Mark Womack [EMAIL PROTECTED] wrote:
There is an example of putting stored cookie information into the MDC. You
could easily modify it to use information from the session instead.
http://cvs.apache.org/viewcvs.cgi/logging-log4j-sandbox/src/java/org/apache/
log4j/servlet/CookieMDCFilter.java?view=markup
It doesn't do anything to remove the MDC information after the next filter
in the filter chain completes, so it might be a good idea to do that. That
way you don't have wayward MDC info sticking around in the thread local
getting reported later in some unrelated request context. I would do that
in a final block if possible to guarantee it gets removed.
hth,
-Mark
-Original Message-
From: Mark Lybarger [mailto: [EMAIL PROTECTED]
Sent: Wednesday, May 18, 2005 6:19 PM
To: Log4J Users List
Subject: Re: logging http session identifying information
i want to log the session id, and any other info from the session that i
choose so that i can sort my logs per session.
i'll check out the sandbox.
On 5/18/05, Mark Womack [EMAIL PROTECTED] wrote:
If I understand correctly, you want to set session/user specific
information
per request? Since the MDC is stored in ThreadLocal, I think you will
need
to use a servlet filter to set and unset the MDC for each request. And
yes,
how threads are assigned to handle requests, etc is very container
specific.
So, setting and unsetting the MDC with each request is a good thing. I
cannot remember offhand if there is already an MDC related servlet
filter
in
the log4j-sandbox. You might want to take a quick look and use it as
an
example.
-Mark
- Original Message -
From: Mark Lybarger [EMAIL PROTECTED]
To: log4j-user@logging.apache.org
Sent: Wednesday, May 18, 2005 5:47 AM
Subject: logging http session identifying information
I'm looking for a method to log http session information in our log4j
logging. we want to be able to trace logging to a particular session.
For
instance, when a user reports having trouble, we would like to see
what
they
did on the web site.
We have a thread id being logged with each log, but there's no way to
tie
the threads together into a session of activity. I've also read that
it's
very container specific as to weather or not the same thread is used
for
an
entire servlet execution.
I came across this note on using MDC for logging session information.
http://ulc-
community.canoo.com/snipsnap/space/Contributions/Integration+Snippets/Log4http://community.canoo.com/snipsnap/space/Contributions/Integration+Snippets/Log4
J+MDC+Integration
It seems rather easy to extend to support any http session attributes
that
i
might want to log (user id, etc).
Are there other methods to easily log
Re: logging http session identifying information
If I understand correctly, you want to set session/user specific information per request? Since the MDC is stored in ThreadLocal, I think you will need to use a servlet filter to set and unset the MDC for each request. And yes, how threads are assigned to handle requests, etc is very container specific. So, setting and unsetting the MDC with each request is a good thing. I cannot remember offhand if there is already an MDC related servlet filter in the log4j-sandbox. You might want to take a quick look and use it as an example. -Mark - Original Message - From: Mark Lybarger [EMAIL PROTECTED] To: log4j-user@logging.apache.org Sent: Wednesday, May 18, 2005 5:47 AM Subject: logging http session identifying information I'm looking for a method to log http session information in our log4j logging. we want to be able to trace logging to a particular session. For instance, when a user reports having trouble, we would like to see what they did on the web site. We have a thread id being logged with each log, but there's no way to tie the threads together into a session of activity. I've also read that it's very container specific as to weather or not the same thread is used for an entire servlet execution. I came across this note on using MDC for logging session information. http://ulc-community.canoo.com/snipsnap/space/Contributions/Integration+Snippets/Log4J+MDC+Integration It seems rather easy to extend to support any http session attributes that i might want to log (user id, etc). Are there other methods to easily log a session id or other information in our log4j logs? Are there drawbacks to the solution of using the MDC integration? One thing that wasn't very clear with the MDC integration was where to put the setup code in an servlet container environment. We're using a startup servlet in all our web apps. Would we need this in each web app's startup servlet? Thanks! ~mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: logging http session identifying information
i want to log the session id, and any other info from the session that i choose so that i can sort my logs per session. i'll check out the sandbox. On 5/18/05, Mark Womack [EMAIL PROTECTED] wrote: If I understand correctly, you want to set session/user specific information per request? Since the MDC is stored in ThreadLocal, I think you will need to use a servlet filter to set and unset the MDC for each request. And yes, how threads are assigned to handle requests, etc is very container specific. So, setting and unsetting the MDC with each request is a good thing. I cannot remember offhand if there is already an MDC related servlet filter in the log4j-sandbox. You might want to take a quick look and use it as an example. -Mark - Original Message - From: Mark Lybarger [EMAIL PROTECTED] To: log4j-user@logging.apache.org Sent: Wednesday, May 18, 2005 5:47 AM Subject: logging http session identifying information I'm looking for a method to log http session information in our log4j logging. we want to be able to trace logging to a particular session. For instance, when a user reports having trouble, we would like to see what they did on the web site. We have a thread id being logged with each log, but there's no way to tie the threads together into a session of activity. I've also read that it's very container specific as to weather or not the same thread is used for an entire servlet execution. I came across this note on using MDC for logging session information. http://ulc-community.canoo.com/snipsnap/space/Contributions/Integration+Snippets/Log4J+MDC+Integration It seems rather easy to extend to support any http session attributes that i might want to log (user id, etc). Are there other methods to easily log a session id or other information in our log4j logs? Are there drawbacks to the solution of using the MDC integration? One thing that wasn't very clear with the MDC integration was where to put the setup code in an servlet container environment. We're using a startup servlet in all our web apps. Would we need this in each web app's startup servlet? Thanks! ~mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: logging http session identifying information
There is an example of putting stored cookie information into the MDC. You could easily modify it to use information from the session instead. http://cvs.apache.org/viewcvs.cgi/logging-log4j-sandbox/src/java/org/apache/ log4j/servlet/CookieMDCFilter.java?view=markup It doesn't do anything to remove the MDC information after the next filter in the filter chain completes, so it might be a good idea to do that. That way you don't have wayward MDC info sticking around in the thread local getting reported later in some unrelated request context. I would do that in a final block if possible to guarantee it gets removed. hth, -Mark -Original Message- From: Mark Lybarger [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 18, 2005 6:19 PM To: Log4J Users List Subject: Re: logging http session identifying information i want to log the session id, and any other info from the session that i choose so that i can sort my logs per session. i'll check out the sandbox. On 5/18/05, Mark Womack [EMAIL PROTECTED] wrote: If I understand correctly, you want to set session/user specific information per request? Since the MDC is stored in ThreadLocal, I think you will need to use a servlet filter to set and unset the MDC for each request. And yes, how threads are assigned to handle requests, etc is very container specific. So, setting and unsetting the MDC with each request is a good thing. I cannot remember offhand if there is already an MDC related servlet filter in the log4j-sandbox. You might want to take a quick look and use it as an example. -Mark - Original Message - From: Mark Lybarger [EMAIL PROTECTED] To: log4j-user@logging.apache.org Sent: Wednesday, May 18, 2005 5:47 AM Subject: logging http session identifying information I'm looking for a method to log http session information in our log4j logging. we want to be able to trace logging to a particular session. For instance, when a user reports having trouble, we would like to see what they did on the web site. We have a thread id being logged with each log, but there's no way to tie the threads together into a session of activity. I've also read that it's very container specific as to weather or not the same thread is used for an entire servlet execution. I came across this note on using MDC for logging session information. http://ulc- community.canoo.com/snipsnap/space/Contributions/Integration+Snippets/Log4 J+MDC+Integration It seems rather easy to extend to support any http session attributes that i might want to log (user id, etc). Are there other methods to easily log a session id or other information in our log4j logs? Are there drawbacks to the solution of using the MDC integration? One thing that wasn't very clear with the MDC integration was where to put the setup code in an servlet container environment. We're using a startup servlet in all our web apps. Would we need this in each web app's startup servlet? Thanks! ~mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
