Am Montag, den 11.04.2016, 10:22 +0000 schrieb Arno Schäfer: > Hi Felix, > > thank you very much for that hint. > > > When a session gets 'authenticated' its id will change to prevent > > session fixation attacks. If you are interested in the events telling > > you the change you have two possibilities: > ok, that explain, what I see :-) > > > 1. Use servlet api 3.1 and use a HttpSessionIdListener (which means > > upgrading to tomcat 8 or newer) > That's an option for the next release, not for now. > > > 2. Use a ContainerListener. > I took the 'org.apache.catalina.ContainerListener' and implement > the interface in my own SessionListener, but I got no container event > there. Is this the interface and the right place for the implementation?
You will have to register the ContainerListener yourself with the context. You might want to try using a LifecycleListener to do this. The SessionListener is from servlet API, the Container- and LifecycleListener are tomcat internal classes. They will not mix that perfectly, as they are kept apart on purpose. Regards, Felix > > > best regards > Arno > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
