tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Form Authentication POST data not preserved?
Date Sun, 05 Feb 2012 14:29:06 GMT
2012/2/5 Jess Holle <>:
> I've done all the basic troubleshooting tweaks I can think of, trying 7.0.25
> and 7.0.23, switching my web.xml back to the 2.5 spec level, reducing from a
> combination of 2 JNDI realms to 1, cranking lots of loggers up to full
> verbosity, etc.
> In all cases I lose the POST parameters.

1. You have to pay attention to Cookie/Set-Cookie headers that are
sent between Server and Client. The value there is session id.

Just a note: upon successful authentication there should be one more
Set-Cookie header sent by the server, because session id will be
changed (but not the session itself).

You can use browser plugins (like Firefox  Live Http Headers or
Firebug), network sniffers (Wireshark) or just configure your access
log to log those headers.

The standard Tomcat Manager web application can be used to inspect
active sessions and their attributes.

2. Enable debug logging for FormAuthenticator class.


If you configure logging to use OneLineFormatter, it will include
thread id and it will be easier to match it against access log (if
access log is configured to print thread ids as well). E.g. =

> I guess I either ignore this (ouch) or really dig into debugging Tomcat's
> internals (which while far easier than trying to do so with httpd is still
> not where I'd wanted to spend my time).

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message