tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <>
Subject Re: Res: Res: Res: JSESSIONID Cookie handle customizing
Date Sat, 16 Oct 2010 18:00:42 GMT
On 16/10/2010 13:55, Juliano Daloia de Carvalho wrote:
> yes Pid, we can say that is a kind of encryption.

What do you gain by encrypting the session id?

> do you know which is the first tomcat class that receives the client request? 
> do you know which is the last tomcat class that is used before send the 
> response to the client?

It's not that simple.

Mark told you how to modify the session id in a previous email.

You've stated that you want to change the session id, but also that you
want to add an attribute to the request.  The term 'attribute' has
special meaning when talking about Servlet requests.

You may find it difficult to modify the session id and add stuff to the
request in the same code.

I really think you should explain what it is you're trying to achieve,
and why; more meaningful advice is difficult without an understanding
what the goal is.

Regardless, the Tomcat source code is available for anyone to examine
and connecting a profiler or VisualVM to a running Tomcat will give you
a vast amount of information to use.


View raw message