Hey, one question regarding this topic. I'm facing an issue where my old app
is creating multiple sessions, but just one is the correct one, or at least
it is the one that contains the data and works fine. The other sessions that
are created contain random data, and I'm not sure yet what information they
contain. I saw that some dependencies such as javamelody create or trigger the
creation of sessions.

<!-- <dependency>-->
<!-- <groupId>net.bull.javamelody</groupId>-->
<!-- <artifactId>javamelody-core</artifactId>-->
<!-- <version>1.91.0</version>-->
<!-- </dependency>-->

These are the blobs that were encrypted:
¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹  xp   Â*jƒsq
~     Â*¼£sr java.lang.Integer â ¤÷ ‡8 I valuexq ~   sr java.lang.BooleanÍ
r€Õœúî Z valuexp sq ~ sq ~     Â*¼¥t  E822F1886161BDE64BBAF294330834E0ppsq
~   t
testAttributet testValue

¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹  xp    –âsq
~      –ãsr java.lang.Integer â ¤÷ ‡8 I valuexq ~   sr java.lang.BooleanÍ
r€Õœúî Z valuexp sq ~ sq ~      ™nt  07CED191BB6F3412FF9CF706F8A6CCD3ppsq
~   t org.apache.struts.action.LOCALEsr java.util.Locale~ø `œ0ùì I
hashcodeL countryt Ljava/lang/String;L
extensionsq ~ L languageq ~ L scriptq ~ L variantq ~ xpÿÿÿÿt USt  t enq ~ q
~ x

The first one is the new application, where I was setting a testAttribute to
"testvalue",
but the other one is what I'm trying to figure out: which process is doing
that.
I already turned on the logger with:
org.apache.catalina.session.level = ALL
java.util.logging.ConsoleHandler.level=ALL

I can see how the sessions are being moved to the store, but is there any way
to print what is being saved, or to undo the encryption? I have a method where
I'm hitting the DB and getting the data:

@GetMapping("/checkB")
public Map<String, String> checkB() {

    logger.log(Level.INFO, "Msg");

    Map<String, String> response = new HashMap<>();
    try {
        String sql = "SELECT session_data FROM tomcat_sessions WHERE session_id='130B672C9914E98D4C11FAC8ECA621F8'"; // add your condition here
        String serializedData = jdbcTemplate.queryForObject(sql, String.class);
        Object deserializedObject = deserializeData(serializedData);
        // Handle the deserialized object as needed

        response.put("status", "success");
        response.put("message", "Session data deserialized successfully.");
    } catch (Exception e) {
        e.printStackTrace();
        response.put("status", "error");
        response.put("message", "Failed to deserialize session data.");
    }
    return response;
}

private Object deserializeData(String serializedData) throws Exception {
    // Decode Base64 encoded serialized data
    byte[] serializedBytes = Base64.getDecoder().decode(serializedData);

    // Deserialize the data using ObjectInputStream
    ByteArrayInputStream bis = new ByteArrayInputStream(serializedBytes);
    ObjectInputStream ois = new ObjectInputStream(bis);
    Object deserializedObject = ois.readObject();

    // Close the input streams
    ois.close();
    bis.close();

    return deserializedObject;
}

But it fails in the decode() function. Is there any way to do that?

Any help is appreciated. Thanks!

On Mon, 12 Feb 2024 at 9:52, Miguel Vidal (<rivens...@gmail.com>)
wrote:

> Yes, both are pointing to the same configuration, because I was doing some
> testing of how all of this about sessions works. I wasn't able to get it to
> work in a new application just using Spring Boot, but I just did it on
> Friday. What I was missing was to use the session, and not only a getter or
> endpoint without any use of the session.
> It seems that to get it to work you need to use the session; the
> configuration is already working:
>         <Manager className="org.apache.catalina.session.PersistentManager"
> maxInactiveInterval="3600" debug="0" saveOnRestart="true"
> maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2" maxIdleBackup="1" >
>             <Store className="org.apache.catalina.session.JDBCStore"
>                    dataSourceName="jdbc/tomcat"
>                    driverName="com.mysql.jdbc.Driver"
>                    sessionAppCol="app_name"
>                    sessionDataCol="session_data"
>                    sessionIdCol="session_id"
>                    sessionLastAccessedCol="last_access"
>                    sessionMaxInactiveCol="max_inactive"
>                    sessionTable="tomcat_sessions"
>                    sessionValidCol="valid_session"
>             />
>        </Manager>
>
>         <Resource
>             name="jdbc/tomcat"
>             auth="Container"
>             type="javax.sql.DataSource"
>             factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>             validationQuery="select 1"
>             testOnBorrow="true"
>             removeAbandoned="true"
>             logAbandoned="true"
>             jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
>             testWhileIdle="true"
>             username="root"
>             password="admin"
>             driverClassName="com.mysql.jdbc.Driver"
>             url="jdbc:mysql://localhost:3306/tomcat?autoReconnect=true"/>
>
> jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
>     org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
>     org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
> With this configuration both my applications are working fine.
>
> I also created a way to test it in the new application:
>
> @GetMapping("/create")
> public String testSession(HttpSession session) {
>     // Add a session attribute
>     session.setAttribute("testAttribute", "testValue");
>
>     // Get the session ID
>     String sessionId = session.getId();
>
>     return "Session created with ID: " + sessionId + " and attribute added";
> }
>
> @GetMapping("/getse")
> public String getSessionAttribute(HttpSession session) {
>     // Get the session ID
>
>     String sessionId = session.getId();
>
>     // Retrieve session attribute
>     String attributeValue = (String) session.getAttribute("testAttribute");
>
>     if (attributeValue != null) {
>         return "Session ID: " + sessionId + ", Attribute value: " + attributeValue;
>     } else {
>         return "Session ID: " + sessionId + ", Attribute not found";
>     }
> }
>
> I also added a filter to validate that it is created correctly:
>
> @Component
> public class SessionValidationFilter extends OncePerRequestFilter {
>
>     protected void doFilterInternal(HttpServletRequest request,
>             HttpServletResponse response, FilterChain filterChain)
>             throws ServletException, IOException {
>         String requestURI = request.getRequestURI();
>
>         // Exclude the create-session endpoint from filtering
>         if (requestURI.equals("/demo/create")) {
>             filterChain.doFilter(request, response);
>             return;
>         }
>
>         // Do not create session if it doesn't exist
>         HttpSession session = request.getSession(false);
>
>         if (session != null && session.getId() != null) {
>             // Session is valid, proceed with the request
>             filterChain.doFilter(request, response);
>         } else {
>             // Session is invalid, return an error response
>             response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
>                     "Session expired or not authenticated");
>         }
>     }
> }
>
>
> On Mon, 12 Feb 2024 at 9:18, Christopher Schultz (<
> ch...@christopherschultz.net>) wrote:
>
>> Miguel,
>>
>> On 2/8/24 15:49, Miguel Vidal wrote:
>> > I'm trying to configure correctly in 2 different applications: Persistent
>> > Manager Implementation using a mysqldb as a datasource.
>>
>> Do you have both PersistentManager configurations pointing at the same
>> database and same set of tables? I think it will be rare to have session
>> id collisions, but configuring both applications to use the same storage
>> may cause very difficult to discover bugs under high usage.
>>
>> It will also increase lock contention needlessly across the two
>> applications.
>>
>> -chris
>>
>> > In one of them, which is a legacy project, I have some dependencies such as
>> >
>> > <dependency>
>> >      <groupId>org.springframework</groupId>
>> >      <artifactId>spring-core</artifactId>
>> >      <version>${spring.framework.version}</version>
>> > </dependency>
>> >
>> > <dependency>
>> >      <groupId>org.springframework</groupId>
>> >      <artifactId>spring-context</artifactId>
>> >      <version>${spring.framework.version}</version>
>> > </dependency>
>> >
>> > and it is already registering the sessions in my DB.
>> > But in the other app I'm using Spring Boot with the same configuration,
>> > and I'm not able to see any registration of the sessions in my DB. After
>> > deploying my app in a Tomcat server and hitting any resource, for example
>> > /test/resource, I'm able to see the response correctly, but I just want to
>> > know if this Persistent Manager Implementation is only for legacy apps,
>> > or why it is running in one and not in the other.
>> >
>> > This is my XML for both:
>> >
>> > <?xml version="1.0" encoding="UTF-8"?>
>> > <Context antiJARLocking="true" path="/nose" docBase="nose"
>> > reloadable="true" useHttpOnly="true"  cookies="${uses.cookies}" >
>> >
>> >          <Manager className="org.apache.catalina.session.PersistentManager"
>> >                   maxInactiveInterval="3600" debug="0" saveOnRestart="true"
>> >                   maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2"
>> >                   maxIdleBackup="1" >
>> >              <Store className="org.apache.catalina.session.JDBCStore"
>> >                     dataSourceName="jdbc/tomcat"
>> >                     driverName="com.mysql.jdbc.Driver"
>> >                     sessionAppCol="app_name"
>> >                     sessionDataCol="session_data"
>> >                     sessionIdCol="session_id"
>> >                     sessionLastAccessedCol="last_access"
>> >                     sessionMaxInactiveCol="max_inactive"
>> >                     sessionTable="tomcat_sessions"
>> >                     sessionValidCol="valid_session"
>> >              />
>> >          </Manager>
>> >
>> >      <Resource
>> >              name="jdbc/tomcat"
>> >              auth="Container"
>> >              type="javax.sql.DataSource"
>> >              factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>> >              initialSize="${jdbc.pool.initialSize}"
>> >              maxActive="${jdbc.pool.maxActive}"
>> >              maxIdle="${jdbc.pool.maxIdle}"
>> >              minIdle="${jdbc.pool.minIdle}"
>> >              suspectTimeout="${jdbc.pool.suspectTimeout}"
>> >              maxWait="${jdbc.pool.maxWait}"
>> >              timeBetweenEvictionRunsMillis="${jdbc.pool.timeBetweenEvictionRunsMillis}"
>> >              minEvictableIdleTimeMillis="${jdbc.pool.minEvictableIdleTimeMillis}"
>> >              validationQuery="select 1"
>> >              validationInterval="${jdbc.pool.validationInterval}"
>> >              testOnBorrow="true"
>> >              removeAbandoned="true"
>> >              removeAbandonedTimeout="${jdbc.pool.removeAbandonedTimeout}"
>> >              logAbandoned="true"
>> >              jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
>> >              testWhileIdle="true"
>> >              username="${jdbc.username}"
>> >              password="${jdbc.password}"
>> >              driverClassName="com.mysql.jdbc.Driver"
>> >              url="jdbc:mysql://${jdbc.host}:${jdbc.port}/tomcat?autoReconnect=true"/>
>> >
>> > jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
>> >      org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
>> >      org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
>> >
>> > These 2 are the guides where I learned the majority of how to do it:
>> >
>> > https://svn.apache.org/repos/asf/tomcat/archive/tc4.1.x/trunk/container/catalina/docs/JDBCStore-howto.html
>> >
>> > https://gerrytan.wordpress.com/2013/08/21/tomcat-7-jdbc-session-persistence/
>> >
>> > I'm going to attach the code for which I'm trying to find out why it is not working.
>> >
>>
>>
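
Added example, not part of the original thread: the dumps quoted in the message begin with `¬í`, the bytes 0xAC 0xED of a raw Java serialization stream, so the column holds serialized bytes rather than Base64 text or ciphertext. The sketch below reads such a blob object by object behind an allow-list `ObjectInputFilter` (Java 9+); the class and method names and the sample blob are constructed for illustration, with the session id copied from the first dump.

```java
import java.io.*;
import java.util.*;

public class SessionBlobDump {
    // Allow-list: only java.lang and java.util classes may be instantiated; all others are rejected.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=20;maxrefs=10000;java.lang.*;java.util.*;!*");

    /** Reads every top-level object in the blob and returns a printable summary of each. */
    static List<String> dump(byte[] blob) throws IOException, ClassNotFoundException {
        // Raw Java serialization starts with the magic 0xACED; Base64 text never does.
        if (blob.length < 2 || (((blob[0] & 0xFF) << 8) | (blob[1] & 0xFF)) != 0xACED) {
            throw new StreamCorruptedException("not a raw Java serialization stream");
        }
        List<String> out = new ArrayList<>();
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(blob))) {
            ois.setObjectInputFilter(FILTER);
            while (true) {
                Object o = ois.readObject();
                out.add(o == null ? "null" : o.getClass().getName() + " = " + o);
            }
        } catch (EOFException endOfBlob) {
            return out; // normal termination: no more objects in the blob
        }
    }

    /** Constructed sample shaped like the first dump: header values, session id, one attribute. */
    static byte[] sampleBlob() throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            Object[] fields = { 1707750000000L, 1707750001000L, 3600, true, true,
                    1707750001000L, "E822F1886161BDE64BBAF294330834E0", null, null,
                    1, "testAttribute", "testValue" };
            for (Object f : fields) oos.writeObject(f);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        dump(sampleBlob()).forEach(System.out::println);
    }
}
```

To use it on real rows, the column has to be read as `byte[]` rather than `String` before it is passed to `dump`. A blob that references application classes is rejected with `InvalidClassException` until those classes are added to the allow-list on purpose.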
