RE: AccessLogValve calling order
Uh, if the Access Log Value logged before the request was complete, how would it know the number of bytes written to log? George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 -Original Message- From: Jason Brittain [mailto:jason.britt...@mulesource.com] Sent: Friday, November 13, 2009 7:12 PM To: Tomcat Users List Subject: Re: AccessLogValve calling order Hi Chris. Thanks for diagnosing this problem! It appears you're right that it logs only after the session is invalidated (after the request is complete) on a logout request. That bug has existed in the code for a very long time, unnoticed. The AccessLogValve was initially implemented to log only after the request processing is complete so that the client never needs to wait for the logging to complete. With the new addition of asynchronous logging, however, it's quite a bit less important to log only when the request is complete. It seems like it would help if the access logger could be configurable to log either before or after handling the request (I'm not sure logging both before and after makes sense). Your ideas for %Sr and %{methodName}rm both seem useful as well, though I think the %{methodName}rm one has potential security side effect issues. So, I would suggest implementing your first two ideas. I'm also happy to help you with that, if you'd like. Cheers. -- Jason Brittain MuleSoft http://www.mulesoft.com On Fri, Nov 13, 2009 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Amazingly enough, I had my first need to use AccessLogValve today, and one of the things I wanted to print was the user's session id. No, problem: just add %S to the log pattern. Well, there is one problem: you can't spit-out the session id for logout requests because the logic for the AccessLogValve is: if(enabled) invoke next valve print log message else invoke next valve Note that the request has essentially completed when the log message is generated. This makes complete sense as you typically want to log /after/ the request so you can do things like find out how many bytes were sent, how long the request took, etc. In my case, I want to have access to the session id before the session is invalidated (which happens in the logout servlet). Another option would be to get the requested session id from the request (which can only be done with the current AccessLogValve if the client is using cookies), though that can be misleading because anyone can request anything... it's not guaranteed to use a useful value. Anyhow, I was wondering if anyone had any suggestions short of heavily modifying the AccessLogValve or developing something from scratch. I'd also be happy to provide a patch for the AccessLogValve that add any or all of the following capabilities: 1. Allow log before or after request (or both?) 2. Add requested session id to standard pattern options (%Sr?) or 3. Add %{xxx}rm to call ServletRequest.xxx and print the result (allows ${getRequestedSessionId}rm Any comments? Thanks, - -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AccessLogValve calling order
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 George, On 11/16/2009 11:35 AM, George Sexton wrote: Uh, if the Access Log Value logged before the request was complete, how would it know the number of bytes written to log? If you read the whole first post, you'd see that I mentioned that. - -chris George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 -Original Message- From: Jason Brittain [mailto:jason.britt...@mulesource.com] Sent: Friday, November 13, 2009 7:12 PM To: Tomcat Users List Subject: Re: AccessLogValve calling order Hi Chris. Thanks for diagnosing this problem! It appears you're right that it logs only after the session is invalidated (after the request is complete) on a logout request. That bug has existed in the code for a very long time, unnoticed. The AccessLogValve was initially implemented to log only after the request processing is complete so that the client never needs to wait for the logging to complete. With the new addition of asynchronous logging, however, it's quite a bit less important to log only when the request is complete. It seems like it would help if the access logger could be configurable to log either before or after handling the request (I'm not sure logging both before and after makes sense). Your ideas for %Sr and %{methodName}rm both seem useful as well, though I think the %{methodName}rm one has potential security side effect issues. So, I would suggest implementing your first two ideas. I'm also happy to help you with that, if you'd like. Cheers. -- Jason Brittain MuleSoft http://www.mulesoft.com On Fri, Nov 13, 2009 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Amazingly enough, I had my first need to use AccessLogValve today, and one of the things I wanted to print was the user's session id. No, problem: just add %S to the log pattern. Well, there is one problem: you can't spit-out the session id for logout requests because the logic for the AccessLogValve is: if(enabled) invoke next valve print log message else invoke next valve Note that the request has essentially completed when the log message is generated. This makes complete sense as you typically want to log /after/ the request so you can do things like find out how many bytes were sent, how long the request took, etc. In my case, I want to have access to the session id before the session is invalidated (which happens in the logout servlet). Another option would be to get the requested session id from the request (which can only be done with the current AccessLogValve if the client is using cookies), though that can be misleading because anyone can request anything... it's not guaranteed to use a useful value. Anyhow, I was wondering if anyone had any suggestions short of heavily modifying the AccessLogValve or developing something from scratch. I'd also be happy to provide a patch for the AccessLogValve that add any or all of the following capabilities: 1. Allow log before or after request (or both?) 2. Add requested session id to standard pattern options (%Sr?) or 3. Add %{xxx}rm to call ServletRequest.xxx and print the result (allows ${getRequestedSessionId}rm Any comments? Thanks, - -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksBu44ACgkQ9CaO5/Lv0PAw4wCguv7l9vhQnpzPn8yNKYLR6GQw P/YAn2Xhaz3AzZad0J+/5eAxmIXph2C6 =ZMwX -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AccessLogValve calling order
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Amazingly enough, I had my first need to use AccessLogValve today, and one of the things I wanted to print was the user's session id. No, problem: just add %S to the log pattern. Well, there is one problem: you can't spit-out the session id for logout requests because the logic for the AccessLogValve is: if(enabled) invoke next valve print log message else invoke next valve Note that the request has essentially completed when the log message is generated. This makes complete sense as you typically want to log /after/ the request so you can do things like find out how many bytes were sent, how long the request took, etc. In my case, I want to have access to the session id before the session is invalidated (which happens in the logout servlet). Another option would be to get the requested session id from the request (which can only be done with the current AccessLogValve if the client is using cookies), though that can be misleading because anyone can request anything... it's not guaranteed to use a useful value. Anyhow, I was wondering if anyone had any suggestions short of heavily modifying the AccessLogValve or developing something from scratch. I'd also be happy to provide a patch for the AccessLogValve that add any or all of the following capabilities: 1. Allow log before or after request (or both?) 2. Add requested session id to standard pattern options (%Sr?) or 3. Add %{xxx}rm to call ServletRequest.xxx and print the result (allows ${getRequestedSessionId}rm Any comments? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr93D0ACgkQ9CaO5/Lv0PCLuwCeLq+sIqkfrAgDNmW5i1JECVzz oTwAnRDS6E7oZIRDQEwtzptBKHDju4Op =rrdK -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AccessLogValve calling order
Hi Chris. Thanks for diagnosing this problem! It appears you're right that it logs only after the session is invalidated (after the request is complete) on a logout request. That bug has existed in the code for a very long time, unnoticed. The AccessLogValve was initially implemented to log only after the request processing is complete so that the client never needs to wait for the logging to complete. With the new addition of asynchronous logging, however, it's quite a bit less important to log only when the request is complete. It seems like it would help if the access logger could be configurable to log either before or after handling the request (I'm not sure logging both before and after makes sense). Your ideas for %Sr and %{methodName}rm both seem useful as well, though I think the %{methodName}rm one has potential security side effect issues. So, I would suggest implementing your first two ideas. I'm also happy to help you with that, if you'd like. Cheers. -- Jason Brittain MuleSoft http://www.mulesoft.com On Fri, Nov 13, 2009 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Amazingly enough, I had my first need to use AccessLogValve today, and one of the things I wanted to print was the user's session id. No, problem: just add %S to the log pattern. Well, there is one problem: you can't spit-out the session id for logout requests because the logic for the AccessLogValve is: if(enabled) invoke next valve print log message else invoke next valve Note that the request has essentially completed when the log message is generated. This makes complete sense as you typically want to log /after/ the request so you can do things like find out how many bytes were sent, how long the request took, etc. In my case, I want to have access to the session id before the session is invalidated (which happens in the logout servlet). Another option would be to get the requested session id from the request (which can only be done with the current AccessLogValve if the client is using cookies), though that can be misleading because anyone can request anything... it's not guaranteed to use a useful value. Anyhow, I was wondering if anyone had any suggestions short of heavily modifying the AccessLogValve or developing something from scratch. I'd also be happy to provide a patch for the AccessLogValve that add any or all of the following capabilities: 1. Allow log before or after request (or both?) 2. Add requested session id to standard pattern options (%Sr?) or 3. Add %{xxx}rm to call ServletRequest.xxx and print the result (allows ${getRequestedSessionId}rm Any comments? Thanks, - -chris