Miguel,

On 2/19/24 11:50, Miguel Vidal wrote:
Hey, one question regarding this topic: I'm facing an issue where my old app
is creating multiple sessions, but just one is the correct one, or at least
is the one that contains the data and works fine. The other sessions that
are created contain random data, and I'm not sure yet what information they
contain. I saw that some dependencies such as javamelody create or trigger the
creation of sessions.

<!-- <dependency>-->
<!-- <groupId>net.bull.javamelody</groupId>-->
<!-- <artifactId>javamelody-core</artifactId>-->
<!-- <version>1.91.0</version>-->
<!-- </dependency>-->

These are the blobs that were encrypted:
¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹  xp   Â*jƒsq
~     Â*¼£sr java.lang.Integer â ¤÷ ‡8 I valuexq ~   sr java.lang.BooleanÍ
r€Õœúî Z valuexp sq ~ sq ~     Â*¼¥t  E822F1886161BDE64BBAF294330834E0ppsq
~   t
testAttributet testValue

¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹  xp    –âsq
~      –ãsr java.lang.Integer â ¤÷ ‡8 I valuexq ~   sr java.lang.BooleanÍ
r€Õœúî Z valuexp sq ~ sq ~      ™nt  07CED191BB6F3412FF9CF706F8A6CCD3ppsq
~   t org.apache.struts.action.LOCALEsr java.util.Locale~ø `œ0ùì I
hashcodeL countryt Ljava/lang/String;L
extensionsq ~ L languageq ~ L scriptq ~ L variantq ~ xpÿÿÿÿt USt  t enq ~ q
~ x

The first one is the new application, where I was setting a testAttribute to
"testvalue",
but the other one is what I'm trying to figure out: which process is doing
that.
I already turned on the logger with
org.apache.catalina.session.level = ALL
java.util.logging.ConsoleHandler.level=ALL

I can see how the sessions are being moved to the store, but is there any way
to print what it is saving? Or to undo the encryption? I have a method where I'm
hitting the DB and getting the data

@GetMapping("/checkB")
public Map<String, String> checkB() {

     logger.log(Level.INFO, "Msg");

     Map<String, String> response = new HashMap<>();
     try {
         String sql = "SELECT session_data FROM tomcat_sessions WHERE session_id='130B672C9914E98D4C11FAC8ECA621F8'"; // add your condition here
         String serializedData = jdbcTemplate.queryForObject(sql, String.class);
         Object deserializedObject = deserializeData(serializedData);
         // Handle the deserialized object as needed

         response.put("status", "success");
         response.put("message", "Session data deserialized successfully.");
     } catch (Exception e) {
         e.printStackTrace();
         response.put("status", "error");
         response.put("message", "Failed to deserialize session data.");
     }
     return response;
}

private Object deserializeData(String serializedData) throws Exception {
     // Decode Base64 encoded serialized data
     byte[] serializedBytes = Base64.getDecoder().decode(serializedData);

     // Deserialize the data using ObjectInputStream
     ByteArrayInputStream bis = new ByteArrayInputStream(serializedBytes);
     ObjectInputStream ois = new ObjectInputStream(bis);
     Object deserializedObject = ois.readObject();

     // Close the input streams
     ois.close();
     bis.close();

     return deserializedObject;
}

but it fails in the decode() function. Is there any way to do that?

Blast from the past.

The data are not base64 encoded. They are just raw bytes. No need to base64-decode.

-chris
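
Added example, not from the original thread and not Tomcat's own code: reading the session_data column as raw bytes, as the reply says, and listing the stored attributes under a deserialization allow-list (Java 9+ ObjectInputFilter). The class name SessionBlobDump, the sample values, and the field order (inferred from the two blobs quoted above; it may differ between Tomcat versions) are assumptions.

```java
import java.io.*;
import java.util.*;

public class SessionBlobDump {
    // Allow-list: only these JDK value types may be deserialized; all else is rejected.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=10;java.lang.*;java.util.Locale;!*");
    /** Parses one session record from raw (not Base64) bytes; returns id and attributes. */
    static Map<String, Object> dump(byte[] raw) throws IOException, ClassNotFoundException {
        Map<String, Object> out = new LinkedHashMap<>();
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            ois.setObjectInputFilter(FILTER);
            // Assumed layout: creation, lastAccessed, maxInactive, isNew, isValid, thisAccessed
            for (int i = 0; i < 6; i++) ois.readObject();
            out.put("(session id)", ois.readObject());
            Object next = ois.readObject();
            if (!(next instanceof Integer)) { // auth type slot present (null in the blobs above)
                ois.readObject();             // principal slot
                next = ois.readObject();      // attribute count
            }
            int count = (Integer) next;
            for (int i = 0; i < count; i++) {
                String name = (String) ois.readObject();
                try {
                    out.put(name, ois.readObject());
                } catch (InvalidClassException e) { // class outside the allow-list
                    out.put(name, "<rejected: " + e.getMessage() + ">");
                    break;                          // stream is unusable after a rejection
                }
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; real input would be ResultSet.getBytes("session_data").
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(1L); oos.writeObject(2L); oos.writeObject(3600);
            oos.writeObject(false); oos.writeObject(true); oos.writeObject(2L);
            oos.writeObject("CONSTRUCTED-SESSION-ID");
            oos.writeObject(null); oos.writeObject(null); // auth type, principal
            oos.writeObject(2);                           // attribute count
            oos.writeObject("testAttribute"); oos.writeObject("testValue");
            oos.writeObject("org.apache.struts.action.LOCALE"); oos.writeObject(Locale.US);
        }
        System.out.println(dump(bos.toByteArray()));
    }
}
```

The attribute names alone (for example org.apache.struts.action.LOCALE in the second blob) usually identify the component that created a session.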

On Mon, 12 Feb 2024 at 9:52, Miguel Vidal (<rivens...@gmail.com>)
wrote:

Yes, both are pointing to the same configuration, because I was doing some
testing of how all of this about sessions works. I wasn't able to get it to
work in a new application just using Spring Boot, but I just did it on
Friday. What I was missing was to use the session, and not only a getter or
endpoint without any use of the session.
It seems that to get it to work you need to use the session; the
configuration is already working
         <Manager className="org.apache.catalina.session.PersistentManager"
maxInactiveInterval="3600" debug="0" saveOnRestart="true"
maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2" maxIdleBackup="1" >
             <Store className="org.apache.catalina.session.JDBCStore"
                    dataSourceName="jdbc/tomcat"
                    driverName="com.mysql.jdbc.Driver"
                    sessionAppCol="app_name"
                    sessionDataCol="session_data"
                    sessionIdCol="session_id"
                    sessionLastAccessedCol="last_access"
                    sessionMaxInactiveCol="max_inactive"
                    sessionTable="tomcat_sessions"
                    sessionValidCol="valid_session"
             />
        </Manager>

         <Resource
             name="jdbc/tomcat"
             auth="Container"
             type="javax.sql.DataSource"
             factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
             validationQuery="select 1"
             testOnBorrow="true"
             removeAbandoned="true"
             logAbandoned="true"
             jdbcInterceptors=
"org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
             testWhileIdle="true"
             username="root"
             password="admin"
             driverClassName="com.mysql.jdbc.Driver"
             url="jdbc:mysql://localhost:3306/tomcat?autoReconnect=true"/>

jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
     org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
     org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
With this configuration both my applications are working fine

and also I created in the new application how to test it:

@GetMapping("/create")
public String testSession(HttpSession session) {
     // Add a session attribute
     session.setAttribute("testAttribute", "testValue");

     // Get the session ID
     String sessionId = session.getId();

     return "Session created with ID: " + sessionId + " and attribute added";
}

@GetMapping("/getse")
public String getSessionAttribute(HttpSession session) {
     // Get the session ID

     String sessionId = session.getId();

     // Retrieve session attribute
     String attributeValue = (String) session.getAttribute("testAttribute");

     if (attributeValue != null) {
         return "Session ID: " + sessionId + ", Attribute value: " + 
attributeValue;
     } else {
         return "Session ID: " + sessionId + ", Attribute not found";
     }
}

and also added a filter to validate to create it correctly

@Component
public class SessionValidationFilter extends OncePerRequestFilter {

     protected void doFilterInternal(HttpServletRequest request, 
HttpServletResponse response, FilterChain filterChain) throws ServletException, 
IOException {
         String requestURI = request.getRequestURI();

         // Exclude the create-session endpoint from filtering
         if (requestURI.equals("/demo/create")) {
             filterChain.doFilter(request, response);
             return;
         }

         HttpSession session = request.getSession(false); // Do not create session if it doesn't exist

         if (session != null && session.getId() != null) {
             // Session is valid, proceed with the request
             filterChain.doFilter(request, response);
         } else {
             // Session is invalid, return an error response
             response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session expired or not authenticated");
         }
     }
}


On Mon, 12 Feb 2024 at 9:18, Christopher Schultz (<
ch...@christopherschultz.net>) wrote:

Miguel,

On 2/8/24 15:49, Miguel Vidal wrote:
I'm trying to configure correctly in 2 different applications:
Persistent
Manager Implementation using a mysqldb as a datasource.

Do you have both PersistentManager configurations pointing at the same
database and same set of tables? I think it will be rare to have session
id collisions, but configuring both applications to use the same storage
may cause very difficult to discover bugs under high usage.

It will also increase lock contention needlessly across the two
applications.

-chris

In one of them, which is a legacy project, I have some dependencies such as

<dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.framework.version}</version>
</dependency>

<dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context</artifactId>
      <version>${spring.framework.version}</version>
</dependency>

and it is already registering the sessions in my DB.
But in the other app I'm using Spring Boot with the same configuration.
I'm not able to see any registration of the sessions in my DB. After
deploying my app in a Tomcat server and hitting any resource, for example
/test/resource, I'm able to see the response correctly, but I just want to
know if this Persistent Manager Implementation is only for legacy
apps, or
why it is running in one and not in the other.

this is my xml for both

<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/nose" docBase="nose"
reloadable="true" useHttpOnly="true"  cookies="${uses.cookies}" >

          <Manager
className="org.apache.catalina.session.PersistentManager"
maxInactiveInterval="3600" debug="0" saveOnRestart="true"
maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2"
maxIdleBackup="1" >
              <Store className="org.apache.catalina.session.JDBCStore"
                     dataSourceName="jdbc/tomcat"
                     driverName="com.mysql.jdbc.Driver"
                     sessionAppCol="app_name"
                     sessionDataCol="session_data"
                     sessionIdCol="session_id"
                     sessionLastAccessedCol="last_access"
                     sessionMaxInactiveCol="max_inactive"
                     sessionTable="tomcat_sessions"
                     sessionValidCol="valid_session"
              />
          </Manager>

      <Resource
              name="jdbc/tomcat"
              auth="Container"
              type="javax.sql.DataSource"
              factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
              initialSize="${jdbc.pool.initialSize}"
              maxActive="${jdbc.pool.maxActive}"
              maxIdle="${jdbc.pool.maxIdle}"
              minIdle="${jdbc.pool.minIdle}"
              suspectTimeout="${jdbc.pool.suspectTimeout}"
              maxWait="${jdbc.pool.maxWait}"
              timeBetweenEvictionRunsMillis="${jdbc.pool.timeBetweenEvictionRunsMillis}"
              minEvictableIdleTimeMillis="${jdbc.pool.minEvictableIdleTimeMillis}"
              validationQuery="select 1"
              validationInterval="${jdbc.pool.validationInterval}"
              testOnBorrow="true"
              removeAbandoned="true"
              removeAbandonedTimeout="${jdbc.pool.removeAbandonedTimeout}"
              logAbandoned="true"
              jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"
              testWhileIdle="true"
              username="${jdbc.username}"
              password="${jdbc.password}"
              driverClassName="com.mysql.jdbc.Driver"
              url="jdbc:mysql://${jdbc.host}:${jdbc.port}/tomcat?autoReconnect=true"/>

jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
      org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
      org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"

These 2 are the guides where I learned the majority of how to do it

https://svn.apache.org/repos/asf/tomcat/archive/tc4.1.x/trunk/container/catalina/docs/JDBCStore-howto.html

https://gerrytan.wordpress.com/2013/08/21/tomcat-7-jdbc-session-persistence/

I'm going to attach the code that I'm trying to figure out why it is not working.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



