-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Terry,
On 4/12/2010 9:23 AM, Terry Horner wrote: > Looking at old logfiles from slightly older tomcat 6.0 versions this seems to > be normal - this request in the last step in the request data page->get sent > to logon page->send username and password->get forwarded to data page process. > The original request to dataservlet1 didn't have a cookie assigned, so this > one doesn't either. No, the difference between an authenticated user and an unauthenticated one is the presence of the cookie: otherwise, the server has no idea who the client is. Without the cookie, there is no identifying information. The absence of that cookie is concerning. How are you generating this log file? Using the AccessLogValve? At what level (server or Context)? And what is your log pattern string? > The original request to dataservlet2 had a cookie assigned, so this > one does too. (Is my interpretation. I'm far from sure) This may have > something to do with why this logon works. The request for > dataservlet1 above doesn't have a cookie, and doesn't stick, this > request does have a cookie, and does stick (albeit with a different > session ID) That's what I'm thinking, but it should all be the same code. Something about your app make this different somehow. > If you log on, go through this process, log off again, then log on > again there isn't a problem - my theory is that this is because when > you are logged off there is still a JSESSIONID cookie present (it > points at an invalid session), and that somehow everything works if > you send a JSESSIONID cookie, nomatter what its value. No, the JSESSIONID cookie should be deleted from the client when you log out. Can you verify that this is true by looking at your web browser's cookie store during and after your session? > I mentioned before that I had abridged the access log - my aim was to > keep the clutter out of the way - the full log for around this point > is more like[:] > > localhost 'user75' 2010-04-09 15:32:22 'HTTP/1.1' GET > /dataservlet1?timestamp=1205168884309 200 - - > localhost - 2010-04-09 15:32:22 'HTTP/1.1' GET /frontend/includes/general.css > 200 '08E40C3900' - > localhost - 2010-04-09 15:32:22 'HTTP/1.1' GET /frontend/includes/ie.css 200 > '08E40C3900' - > localhost - 2010-04-09 15:32:22 'HTTP/1.1' GET > /frontend/includes/functions.js 200 '08E40C3900' - > localhost - 2010-04-09 15:32:22 'HTTP/1.1' GET /frontend/includes/1.js 200 > '08E40C3900' - > localhost - 2010-04-09 15:32:22 'HTTP/1.1' GET /frontend/includes/2.js 200 > '08E40C3900' - > localhost - 2010-04-09 15:32:23 'HTTP/1.1' GET /frontend/includes/3.js 200 > '08E40C3900' - Good: all the same cookie value ;) > localhost - 2010-04-09 15:32:24 'HTTP/1.1' GET > javascriptservlet?request=common.js 200 '08E40C3900' - There is no leading slash on that URL which looks funny to me. It's unlikely to be the problem, but it certainly doesn't look right. > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image1.jpg 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image2.gif 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image3.gif 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/logo.gif 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image4.gif 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image5.jpg 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image6.gif 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image7.jpg 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:00 'HTTP/1.1' GET > /frontend/images/global/image8.gif 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:01 'HTTP/1.1' GET > /frontend/images/global/image9.gif 200 'B5F7F32D85' - > localhost - 2010-04-09 15:33:02 'HTTP/1.1' GET > /dataservlet2?timestamp=1270827182637 200 'B5F7F32D85' - ... and now the cookie value has changed for no reason that I can see. Did you omit some of the log again? Say, an authentication attempt? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvDJIEACgkQ9CaO5/Lv0PCj2wCfSO08ROQuugnz/TMATu9lAav3 z7cAnjXGz1Kj8glz8O7gYjKBMYLo3BGi =+/hi -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
