We are trying to print the session ID in access logs using '%S' in server.xml. The application is developed using AngularJS. However, it prints "-" instead of the session ID.
server.xml
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="sessionId=%S host=%h %l %u %t &quot;%r&quot; %s %b" />
Access Logs:
sessionId=- host=127.0.0.1 - - [12/May/2017:13:44:32 +0100] "GET /application/img/sort-icn-down.png HTTP/1.1" 200 1114
Does an AngularJS application create a session ID automatically?
Tomcat's session ID is only unique among all existing active sessions. The Servlet spec does not forbid reusing the ID of an expired session for a new session at some point, months or years later. With a fixed-length 32-character hexadecimal string as the session ID, the number of possible IDs is not "unlimited".
Where is session data stored? Tomcat's sessions are stored according to the chosen session manager. If we pick the standard manager (the StandardManager class seen previously), all session data will be saved in the Java heap.
A Session is the Catalina-internal facade for an HttpSession that is used to maintain state information between requests for a particular user of a web application.
The Session ID will only show if your server side application creates one, and that depends on the framework you're using... Spring MVC, for example, always creates a new Session ID if there's no Session ID in the request.
Let me show a simple test I did with a Spring MVC project and Tomcat:
Consider the following snippet from my server.xml:
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b session-id %S" />
Consider that I don't have any cookies in my first access opening an image:
127.0.0.1 - - [26/Jun/2017:18:40:53 -0300] "GET /webapp/images/login.png HTTP/1.1" 200 29646 session-id -
Since it's an image that is not handled by Spring, my server won't create a session ID... Accessing it again will not help:
127.0.0.1 - - [26/Jun/2017:18:42:52 -0300] "GET /webapp/images/login.png HTTP/1.1" 304 - session-id -
But if I access a method handled by Spring MVC, it will create a new session (and I don't have full control over the session's creation):
127.0.0.1 - - [26/Jun/2017:18:45:16 -0300] "GET /webapp/pages/users.json HTTP/1.1" 200 110 session-id 068FCCF5BC04EDEEC830E3E8CDF2CCDB
Now, accessing the same image as before, the client will send the session ID in the request and Tomcat will be able to log it:
127.0.0.1 - - [26/Jun/2017:18:48:09 -0300] "GET /webapp/images/login.png HTTP/1.1" 200 29646 session-id 068FCCF5BC04EDEEC830E3E8CDF2CCDB
So no Session Id will be created for images, scripts or other static resources. But it's really up to your implementation or the framework you are using... And just so you know, the JSESSIONID is in the Servlet 3.0 specification (ch 7.1.1 cookies, pg 55).
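An added example (not part of the answer above and not Tomcat code): a parser for the answer's access-log pattern that replaces the `%S` value with a keyed hash, so requests can still be correlated per session without the log holding a value that would be accepted as a `JSESSIONID` cookie. The function names and the key are assumptions made for this illustration; the sample lines are the four log lines quoted in the answer.

```python
import hashlib
import hmac
import re

# Matches the answer's pattern: %h %l %u %t "%r" %s %b session-id %S
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'session-id (?P<sid>\S+)$'
)

def pseudonym(sid, key):
    """Keyed hash of a session ID: stable for correlation, useless as a cookie."""
    if sid == "-":  # %S prints "-" when the request carried no session
        return "-"
    return hmac.new(key, sid.encode("utf-8"), hashlib.sha256).hexdigest()[:16]

def redact_line(line, key):
    """Return the line with the raw session ID replaced, or None if it does not parse."""
    line = line.rstrip("\n")
    m = LINE_RE.match(line)
    if m is None:
        return None
    return line[: m.start("sid")] + pseudonym(m.group("sid"), key)

def requests_by_session(lines, key):
    """Group request lines by pseudonymised session; sessionless hits land under '-'."""
    groups = {}
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m:
            groups.setdefault(pseudonym(m.group("sid"), key), []).append(m.group("request"))
    return groups

# The four access-log lines shown in the answer above.
SAMPLE = [
    '127.0.0.1 - - [26/Jun/2017:18:40:53 -0300] "GET /webapp/images/login.png HTTP/1.1" 200 29646 session-id -',
    '127.0.0.1 - - [26/Jun/2017:18:42:52 -0300] "GET /webapp/images/login.png HTTP/1.1" 304 - session-id -',
    '127.0.0.1 - - [26/Jun/2017:18:45:16 -0300] "GET /webapp/pages/users.json HTTP/1.1" 200 110 session-id 068FCCF5BC04EDEEC830E3E8CDF2CCDB',
    '127.0.0.1 - - [26/Jun/2017:18:48:09 -0300] "GET /webapp/images/login.png HTTP/1.1" 200 29646 session-id 068FCCF5BC04EDEEC830E3E8CDF2CCDB',
]
KEY = b"constructed-demo-key"  # assumption: a real key would be a secret kept outside the logs

if __name__ == "__main__":
    for entry in SAMPLE:
        print(redact_line(entry, KEY))
```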