Re: User tracking/monitoring
Thanks Tim and Chuck. Tim, Is this something a novice programmer like me can add to our Footer.jsp file? Can you add your recommendation to a code snippet , I would really appreciate it. Chuck, Can you tell me more about 2? How would the sessionId be displayed in the page with that method? Can you demonstrate that to me with a small example? 3 wont work as most of the users are business users and designers who are not that savvy. Thank you so much! Chetan From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, May 29, 2009 1:59:01 PM Subject: RE: User tracking/monitoring From: Chetan Chheda [mailto:chetan_chh...@yahoo.com] Subject: User tracking/monitoring Is there anyway we can add the tomcat sessionID to their page so that they can tell us where they are? Besides adding it to some common component of each page of the web site as Tim suggested, you could do any of the following: 1) Disable cookies and use URL rewriting, forcing the session ID into the URL (can't really recommend that). 2) Add a filter or valve to append the session ID to each response. 3) Have the users look in the cookie cache of the browser when they have a problem. Tim's suggestion or perhaps #3 would seem to be the simplest. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
The snippet I post was the snippet. (if you are using jsp) But it can
have security side effects. A safer snippet might be this:
%@ taglib uri=http://java.sun.com/jsp/jstl/functions; prefix=fn %
${(fn:split(pageContext.session.id,
'.')[fn:length(fn:split(pageContext.session.id, '.'))-1])}
Which splits the session id apart by '.' and typically - the last part
of the session is the jvmroute (aka the server which served the request)
Anyone with knowledge of JSTL should have no problem incorporating the
above snippet. If you have trouble with the above - seek a trusted
consultant for help. The money will be well spent.
-Tim
Chetan Chheda wrote:
Thanks Tim and Chuck.
Tim,
Is this something a novice programmer like me can add to our Footer.jsp file? Can you add your recommendation to a code snippet , I would really appreciate it.
Chuck,
Can you tell me more about 2? How would the sessionId be displayed in the page with that method? Can you demonstrate that to me with a small example?
3 wont work as most of the users are business users and designers who are not that savvy.
Thank you so much!
Chetan
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
I had to add
%= request.getSession().getId()%
for it to display the sessionId.
Tim,
Can you elaborate on what the side effects would be to display the full
sessionId as compared to just the session route?
Chetan
From: Tim Funk funk...@apache.org
To: Tomcat Users List users@tomcat.apache.org
Sent: Monday, June 1, 2009 11:54:26 AM
Subject: Re: User tracking/monitoring
The snippet I post was the snippet. (if you are using jsp) But it can have
security side effects. A safer snippet might be this:
%@ taglib uri=http://java.sun.com/jsp/jstl/functions; prefix=fn %
${(fn:split(pageContext.session.id,
'.')[fn:length(fn:split(pageContext.session.id, '.'))-1])}
Which splits the session id apart by '.' and typically - the last part of the
session is the jvmroute (aka the server which served the request)
Anyone with knowledge of JSTL should have no problem incorporating the above
snippet. If you have trouble with the above - seek a trusted consultant for
help. The money will be well spent.
-Tim
Chetan Chheda wrote:
Thanks Tim and Chuck.
Tim,
Is this something a novice programmer like me can add to our Footer.jsp
file? Can you add your recommendation to a code snippet , I would really
appreciate it.
Chuck,
Can you tell me more about 2? How would the sessionId be displayed in the
page with that method? Can you demonstrate that to me with a small example?
3 wont work as most of the users are business users and designers who are not
that savvy.
Thank you so much! Chetan
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
Already answered in this thread here: http://www.nabble.com/Re%3A-User-tracking-monitoring-p23792941.html -Tim Chetan Chheda wrote: I had to add %= request.getSession().getId()% for it to display the sessionId. Tim, Can you elaborate on what the side effects would be to display the full sessionId as compared to just the session route? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
On 29.05.2009 18:58, Tim Funk wrote:
Add this to your footer?
SESSION ID: ${pageContext.session.id}
Beware though, that in some security sensitive contexts this is not
adequate, e.g. if users print out or save pages and share those with
others, session takeover is made much more simple (at least in cases
they do not log out and the session timeout is long relative to the
communication latency).
If the name of the node is already enough, set a system property during
startup to the name of the node (or some unique symbolic name) and only
include the value of the system property on the page. You can also use
the same system property to set the jvmRoute in server.xml.
If you use jvmRoute as the name of the system property, the internal
Tomcat jvmRoute will be automatically set from its value.
To quickly identify the users in the access log:
The support could tell customers to add ?garbage (choose your
favourite marker) at the end of the URL and send it again. You will
likely easily find this request in the logs (and thus get the IP etc.).
Furthermore you can log the session id in the apache access logs via
%{JSESSIONID}C or in the Tomcat logs via %S. Sou you can find the other
requests from the garbage one by comparing logged session ids.
Regards,
Rainer
Chetan Chheda wrote:
All,
In our production environment we load balance across 4 tomcats
that are split among 2 physical servers. This is a high traffic
website and we get calls from users for a number of support issues and
for most of these issues the first step is to find out what tomcat
instance they ended up in.
Is there anyway we can add the tomcat sessionID to their page so
that they can tell us where they are?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
Add this to your footer?
SESSION ID: ${pageContext.session.id}
-Tim
Chetan Chheda wrote:
All,
In our production environment we load balance across 4 tomcats that are split among 2 physical servers. This is a high traffic website and we get calls from users for a number of support issues and for most of these issues the first step is to find out what tomcat instance they ended up in.
Is there anyway we can add the tomcat sessionID to their page so that they
can tell us where they are?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: User tracking/monitoring
From: Chetan Chheda [mailto:chetan_chh...@yahoo.com] Subject: User tracking/monitoring Is there anyway we can add the tomcat sessionID to their page so that they can tell us where they are? Besides adding it to some common component of each page of the web site as Tim suggested, you could do any of the following: 1) Disable cookies and use URL rewriting, forcing the session ID into the URL (can't really recommend that). 2) Add a filter or valve to append the session ID to each response. 3) Have the users look in the cookie cache of the browser when they have a problem. Tim's suggestion or perhaps #3 would seem to be the simplest. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
