Miguel, On 2/19/24 11:50, Miguel Vidal wrote:
hey one question regarding this topic I'm facing an issue where my old app is doing a creation of multiple sessions but just one is the correct one or at least is who contains the data and works fine. the others sessions that are created contains random data that im not sure yet what information contains. I saw that some dependencies as javamelody create or trigger the creation of sessions.<!-- <dependency>--> <!-- <groupId>net.bull.javamelody</groupId>--> <!-- <artifactId>javamelody-core</artifactId>--> <!-- <version>1.91.0</version>--> <!-- </dependency>--> these are the blobs that were encrypted : ¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹ xp Â*jƒsq ~ Â*¼£sr java.lang.Integer â ¤÷ ‡8 I valuexq ~ sr java.lang.BooleanÍ r€Õœúî Z valuexp sq ~ sq ~ Â*¼¥t E822F1886161BDE64BBAF294330834E0ppsq ~ t testAttributet testValue ¬í sr java.lang.Long;‹ä Ì #ß J valuexr java.lang.Number†¬• ”à‹ xp  –âsq ~  –ãsr java.lang.Integer â ¤÷ ‡8 I valuexq ~ sr java.lang.BooleanÍ r€Õœúî Z valuexp sq ~ sq ~  ™nt 07CED191BB6F3412FF9CF706F8A6CCD3ppsq ~ t org.apache.struts.action.LOCALEsr java.util.Locale~ø `œ0ùì I hashcodeL countryt Ljava/lang/String;L extensionsq ~ L languageq ~ L scriptq ~ L variantq ~ xpÿÿÿÿt USt t enq ~ q ~ x The first one is the new application where i was setting a testAttribute a "testvalue" but the other one is what im trying to figure out which process is doing that. I already turn on the logger with org.apache.catalina.session.level = ALL java.util.logging.ConsoleHandler.level=ALL I can see how the sessions are being moved to stored but is there any way to print what is saving? or to undo the encript i have a method where im hitting the bd and getting the data @GetMapping("/checkB") public Map<String, String> checkB() { logger.log(Level.INFO, "Msg"); Map<String, String> response = new HashMap<>(); try { String sql = "SELECT session_data FROM tomcat_sessions WHERE session_id='130B672C9914E98D4C11FAC8ECA621F8'"; // add your condition here String serializedData = jdbcTemplate.queryForObject(sql, String.class); Object deserializedObject = deserializeData(serializedData); // Handle the deserialized object as needed response.put("status", "success"); response.put("message", "Session data deserialized successfully."); } catch (Exception e) { e.printStackTrace(); response.put("status", "error"); response.put("message", "Failed to deserialize session data."); } return response; } private Object deserializeData(String serializedData) throws Exception { // Decode Base64 encoded serialized data byte[] serializedBytes = Base64.getDecoder().decode(serializedData); // Deserialize the data using ObjectInputStream ByteArrayInputStream bis = new ByteArrayInputStream(serializedBytes); ObjectInputStream ois = new ObjectInputStream(bis); Object deserializedObject = ois.readObject(); // Close the input streams ois.close(); bis.close(); return deserializedObject; } but it fails on the function of the decode() . Is there any way to do that?
Blast from the past.The data are not base64 encoded. They are just raw bytes. No need to base64-decode.
-chris
El lun, 12 feb 2024 a las 9:52, Miguel Vidal (<rivens...@gmail.com>) escribió:Yes both are pointing the same configuration because i was doing some testing how it works all of this about session, i wasnt able to get it to work in a new application just using spring boot , but i just did it on friday. what i was missing it was use the session and not only a getter or endpoint without any use of the session. it seems to get it to work that you need to use the session, the configuration is already working <Manager className="org.apache.catalina.session.PersistentManager" maxInactiveInterval="3600" debug="0" saveOnRestart="true" maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2" maxIdleBackup="1" > <Store className="org.apache.catalina.session.JDBCStore" dataSourceName="jdbc/tomcat" driverName="com.mysql.jdbc.Driver" sessionAppCol="app_name" sessionDataCol="session_data" sessionIdCol="session_id" sessionLastAccessedCol="last_access" sessionMaxInactiveCol="max_inactive" sessionTable="tomcat_sessions" sessionValidCol="valid_session" /> </Manager> <Resource name="jdbc/tomcat" auth="Container" type="javax.sql.DataSource" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" validationQuery="select 1" testOnBorrow="true" removeAbandoned="true" logAbandoned="true" jdbcInterceptors= "org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer" testWhileIdle="true" username="root" password="admin" driverClassName="com.mysql.jdbc.Driver" url="jdbc:mysql://localhost:3306/tomcat?autoReconnect=true"/> jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState; org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer; org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer" with this configuration my both application are working fine and also i created in the new application how to test it : @GetMapping("/create") public String testSession(HttpSession session) { // Add a session attribute session.setAttribute("testAttribute", "testValue"); // Get the session ID String sessionId = session.getId(); return "Session created with ID: " + sessionId + " and attribute added"; } @GetMapping("/getse") public String getSessionAttribute(HttpSession session) { // Get the session ID String sessionId = session.getId(); // Retrieve session attribute String attributeValue = (String) session.getAttribute("testAttribute"); if (attributeValue != null) { return "Session ID: " + sessionId + ", Attribute value: " + attributeValue; } else { return "Session ID: " + sessionId + ", Attribute not found"; } } and also added a filter to validate to create it correctly @Component public class SessionValidationFilter extends OncePerRequestFilter { protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { String requestURI = request.getRequestURI(); // Exclude the create-session endpoint from filtering if (requestURI.equals("/demo/create")) { filterChain.doFilter(request, response); return; } HttpSession session = request.getSession(false); // Do not create session if it doesn't exist if (session != null && session.getId() != null) { // Session is valid, proceed with the request filterChain.doFilter(request, response); } else { // Session is invalid, return an error response response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Session expired or not authenticated"); } } } El lun, 12 feb 2024 a las 9:18, Christopher Schultz (< ch...@christopherschultz.net>) escribió:Miguel, On 2/8/24 15:49, Miguel Vidal wrote:Im trying to configure correctly in 2 different applications :PersistentManager Implementation using a mysqldb as a datasource.Do you have both PersistentManager configurations pointing at the same database and same set of tables? I think it will be rare to have session id collisions, but configuring both applications to use the same storage may cause very difficult to discover bugs under high usage. It will also increase lock contention needlessly across the two applications. -chrisIn one of them that is a legacy project i have some dependencies as <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${spring.framework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.framework.version}</version> </dependency> and it is already doing the registry of the sessions in my bd. but in the other app im using a spring boot with the same configuration. I'm not able to see any registration of the sessions in my db. After the deploy of my app in a tomcat server and hit any resource example /test/resource im able to see the response correctly but i just want to know if this Persistent Manager Implementation is only for legacyapps? orwhy is running in one and in the other is not. this is my xml for both <?xml version="1.0" encoding="UTF-8"?> <Context antiJARLocking="true" path="/nose" docBase="nose" reloadable="true" useHttpOnly="true" cookies="${uses.cookies}" > <Manager className="org.apache.catalina.session.PersistentManager" maxInactiveInterval="3600" debug="0" saveOnRestart="true" maxActiveSessions="-1" minIdleSwap="1" maxIdleSwap="2" maxIdleBackup="1" > <Store className="org.apache.catalina.session.JDBCStore" dataSourceName="jdbc/tomcat" driverName="com.mysql.jdbc.Driver" sessionAppCol="app_name" sessionDataCol="session_data" sessionIdCol="session_id" sessionLastAccessedCol="last_access" sessionMaxInactiveCol="max_inactive" sessionTable="tomcat_sessions" sessionValidCol="valid_session" /> </Manager> <Resource name="jdbc/tomcat" auth="Container" type="javax.sql.DataSource" factory="org.apache.tomcat.jdbc.pool.DataSourceFactory" initialSize="${jdbc.pool.initialSize}" maxActive="${jdbc.pool.maxActive}" maxIdle="${jdbc.pool.maxIdle}" minIdle="${jdbc.pool.minIdle}" suspectTimeout="${jdbc.pool.suspectTimeout}" maxWait="${jdbc.pool.maxWait}"timeBetweenEvictionRunsMillis="${jdbc.pool.timeBetweenEvictionRunsMillis}"minEvictableIdleTimeMillis="${jdbc.pool.minEvictableIdleTimeMillis}"validationQuery="select 1" validationInterval="${jdbc.pool.validationInterval}" testOnBorrow="true" removeAbandoned="true"removeAbandonedTimeout="${jdbc.pool.removeAbandonedTimeout}"logAbandoned="true"jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer"testWhileIdle="true" username="${jdbc.username}" password="${jdbc.password}" driverClassName="com.mysql.jdbc.Driver"url="jdbc:mysql://${jdbc.host}:${jdbc.port}/tomcat?autoReconnect=true"/>jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer; org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer" these 2 are the guides where i learn the mayority how to do ithttps://svn.apache.org/repos/asf/tomcat/archive/tc4.1.x/trunk/container/catalina/docs/JDBCStore-howto.htmlhttps://gerrytan.wordpress.com/2013/08/21/tomcat-7-jdbc-session-persistence/im going to attach the code that im trying to know why is not working.--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org