-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Terry,
On 4/12/2010 11:23 AM, Terry Horner wrote: > org.apache.catalina.valves.ExtendedAccessLogValve the definition is within > the host, not the context. > The log pattern string is now > "c-dns x-H(remoteUser) date time x-H(protocol) cs-method cs-uri sc-status > cs(Cookie) " > I have trimmed out the "JSESSIONID=" and any other cookies, because it used > to be "c-dns x-H(remoteUser) date time x-H(protocol) cs-method cs-uri > sc-status x-H(requestedSessionId) cs(Referer) cs(User-Agent) time-taken > cs(Cookie)" and I trimmed off all of the extra stuff at the end. It seemed > like changing format halfway through would be unhelpful Okay. Check to see if these is a discrepancy between cs(Cookie), x-H(requestedSessionId), x-H(requestedSessionIdFromCookie), x-H(requestedSessionIdValid). Also, you might want to use Wireshark or something else to verify that there's only one JSESSIONID cookie being sent. If you have two cookies with different ids (which can happen if they have different paths), that'll screw things up. >> No, the JSESSIONID cookie should be deleted from the client when >> you log out. Can you verify that this is true by looking at your >> web browser's cookie store during and after your session? > > If I am on the logout.html page and do a javascript:alert(document.cookie); > it shows a JSESSIONID cookie and no others (this is also true on older > versions of 6.0) - the cookie store shows the same cookie. It's a new cookie, > unrelated to any of the requests before it. > localhost '44-000' 2010-04-12 15:10:15 'HTTP/1.1' GET > /frontend/images/global/image10.gif 200 '9394BACA2D' > localhost '44-000' 2010-04-12 15:10:17 'HTTP/1.1' GET > /logout.html?timestamp=1271085014943 200 '9394BACA2D' > localhost - 2010-04-12 15:10:17 'HTTP/1.1' GET /includes/logout.css 200 > '9F16E6DAF0' > localhost - 2010-04-12 15:10:17 'HTTP/1.1' GET > /frontend/images/global/logoutimg.jpg 200 '9F16E6DAF0' > If I refresh the page the cookie changes, but there is still a cookie. JSPs will create a session (and therefore a JSESSIONID cookie) unless they are declared with <@page session="false" @>. Are you hitting any dynamic resources from your logout page? > No, I wanted to make sure everything was there. I assumed it had > changed as a result of the javascriptservlet request somehow - the > javascript doesn't normally take 36 seconds to reach the browser. Heh, yeah, that's pretty unreasonable. I think it might be time to look at the HTTP conversation that's going on. That's the only way I found out that I had two cookies with different paths fighting each other. :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvDZUIACgkQ9CaO5/Lv0PDSNgCfaCNNHumDZx8Zcbw+J5anqCqh ewAAn01t0XMHuDFgpmy1Cd3MgOj1pyNH =omST -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
