On 29.05.2009 18:58, Tim Funk wrote:
> Add this to your footer?
> SESSION ID: ${pageContext.session.id}
Beware though, that in some security sensitive contexts this is not
adequate, e.g. if users print out or save pages and share those with
others, session takeover is made much more simple (at least in cases
they do not log out and the session timeout is long relative to the
communication latency).
If the name of the node is already enough, set a system property during
startup to the name of the node (or some unique symbolic name) and only
include the value of the system property on the page. You can also use
the same system property to set the jvmRoute in server.xml.
If you use "jvmRoute" as the name of the system property, the internal
Tomcat jvmRoute will be automatically set from its value.
To quickly identify the users in the access log:
The support could tell customers to add "?garbage" (choose your
favourite marker) at the end of the URL and send it again. You will
likely easily find this request in the logs (and thus get the IP etc.).
Furthermore you can log the session id in the apache access logs via
%{JSESSIONID}C or in the Tomcat logs via %S. Sou you can find the other
requests from the garbage one by comparing logged session ids.
Regards,
Rainer
> Chetan Chheda wrote:
>> All,
>> In our production environment we load balance across 4 tomcats
>> that are split among 2 physical servers. This is a high traffic
>> website and we get calls from users for a number of support issues and
>> for most of these issues the first step is to find out what tomcat
>> instance they ended up in.
>> Is there anyway we can add the tomcat sessionID to their page so
>> that they can tell us where they are?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
