tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pid *" <...@pidster.com>
Subject Re: Res: Res: JSESSIONID Cookie handle customizing
Date Sat, 16 Oct 2010 07:01:23 GMT
So you want encrypt the session id?


p


On 15 Oct 2010, at 17:33, Juliano Daloia de Carvalho
<judac2000@yahoo.com.br> wrote:

> I need to change the value of the sessionID. If I let this to be done on the
> servlet, tomcat won't be able to identify the real session, and will send a
> redirect to login page.
>
>
>
>
> ----- Mensagem original ----
> De: Pid <pid@pidster.com>
> Para: Tomcat Users List <users@tomcat.apache.org>
> Enviadas: Sexta-feira, 15 de Outubro de 2010 13:19:54
> Assunto: Re: Res: JSESSIONID Cookie handle customizing
>
> On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
>> I'll inject code using an agent.
>>
>> The thing is that I need to know for sure the message entering point on Tomcat,
>>
>> and the leaving point also, so I can be able to sniff if the clients message
>> has
>>
>> the Cookie info with JSESSIONID= or not. and before sending to check if tomcat
>
>> sent set-cookie on header so I can make the change needed.
>
> Why?  What does the code do that can't be done via a Servlet Filter?
>
>
> p
>
>
>> ----- Mensagem original ----
>> De: Pid <pid@pidster.com>
>> Para: Tomcat Users List <users@tomcat.apache.org>
>> Enviadas: Sexta-feira, 15 de Outubro de 2010 12:20:37
>> Assunto: Re: JSESSIONID Cookie handle customizing
>>
>> On 15/10/2010 15:15, Juliano Daloia de Carvalho wrote:
>>> Hi Folks!
>>>
>>>       I want to put some information on the JSESSIONID that tomcat generates.
>>
>>
>>> I'm using aspect programming so I donĀ“t need to change the tomcat code itself.
>>
>>
>>
>> What information?
>>
>>> The
>>>
>>> thing is that I found many points where tomcat handle this information, I
>>> checked and notice that the head parser is made on the method parseSessionId
>>> and
>>>
>>>
>>> parseSessionCookiesId in the class
>> org.apache.catalina.connector.CoyoteAdapter.
>>>
>>> I'm not convinced that there is the perfect point to make my code injection.
>>
>> You are planning to inject code into the container, from a web application?
>>
>>
>> p
>>
>>> I need to find out the exactly point that this information (Cookie
>>> JSESSIONID=2222222222) is received by Tomcat and where tomcat sends this
>>> information to the browser, in other words, the first contact with this
>>> information
>>>
>>> when browser sends and the last contact before sending to browser.
>>>
>>>
>>> Thanks.
>>>
>>>
>>> Juliano
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message