tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juliano Daloia de Carvalho <judac2...@yahoo.com.br>
Subject Res: Res: Res: JSESSIONID Cookie handle customizing
Date Sat, 16 Oct 2010 12:55:14 GMT
yes Pid, we can say that is a kind of encryption.

do you know which is the first tomcat class that receives the client request? 

do you know which is the last tomcat class that is used before send the 
response 
to the client?

tks.
 
Juliano



----- Mensagem original ----
De: Pid * <pid@pidster.com>
Para: Tomcat Users List <users@tomcat.apache.org>
Enviadas: Sábado, 16 de Outubro de 2010 4:01:23
Assunto: Re: Res: Res: JSESSIONID Cookie handle customizing

So you want encrypt the session id?


p


On 15 Oct 2010, at 17:33, Juliano Daloia de Carvalho
<judac2000@yahoo.com.br> wrote:

> I need to change the value of the sessionID. If I let this to be done on the
> servlet, tomcat won't be able to identify the real session, and will send a
> redirect to login page.
>
>
>
>
> ----- Mensagem original ----
> De: Pid <pid@pidster.com>
> Para: Tomcat Users List <users@tomcat.apache.org>
> Enviadas: Sexta-feira, 15 de Outubro de 2010 13:19:54
> Assunto: Re: Res: JSESSIONID Cookie handle customizing
>
> On 15/10/2010 17:02, Juliano Daloia de Carvalho wrote:
>> I'll inject code using an agent.
>>
>> The thing is that I need to know for sure the message entering point on 
>Tomcat,
>>
>> and the leaving point also, so I can be able to sniff if the clients message
>> has
>>
>> the Cookie info with JSESSIONID= or not. and before sending to check if 
tomcat
>
>> sent set-cookie on header so I can make the change needed.
>
> Why?  What does the code do that can't be done via a Servlet Filter?
>
>
> p
>
>
>> ----- Mensagem original ----
>> De: Pid <pid@pidster.com>
>> Para: Tomcat Users List <users@tomcat.apache.org>
>> Enviadas: Sexta-feira, 15 de Outubro de 2010 12:20:37
>> Assunto: Re: JSESSIONID Cookie handle customizing
>>
>> On 15/10/2010 15:15, Juliano Daloia de Carvalho wrote:
>>> Hi Folks!
>>>
>>>       I want to put some information on the JSESSIONID that tomcat 
generates.
>>
>>
>>> I'm using aspect programming so I don´t need to change the tomcat code 
>itself.
>>
>>
>>
>> What information?
>>
>>> The
>>>
>>> thing is that I found many points where tomcat handle this information, I
>>> checked and notice that the head parser is made on the method parseSessionId
>>> and
>>>
>>>
>>> parseSessionCookiesId in the class
>> org.apache.catalina.connector.CoyoteAdapter.
>>>
>>> I'm not convinced that there is the perfect point to make my code injection.
>>
>> You are planning to inject code into the container, from a web application?
>>
>>
>> p
>>
>>> I need to find out the exactly point that this information (Cookie
>>> JSESSIONID=2222222222) is received by Tomcat and where tomcat sends this
>>> information to the browser, in other words, the first contact with this
>>> information
>>>
>>> when browser sends and the last contact before sending to browser.
>>>
>>>
>>> Thanks.
>>>
>>>
>>> Juliano
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


      

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message