Re: User tracking/monitoring
Thanks Tim and Chuck. Tim, Is this something a novice programmer like me can add to our Footer.jsp file? Can you add your recommendation to a code snippet , I would really appreciate it. Chuck, Can you tell me more about 2? How would the sessionId be displayed in the page with that method? Can you demonstrate that to me with a small example? 3 wont work as most of the users are business users and designers who are not that savvy. Thank you so much! Chetan From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, May 29, 2009 1:59:01 PM Subject: RE: User tracking/monitoring From: Chetan Chheda [mailto:chetan_chh...@yahoo.com] Subject: User tracking/monitoring Is there anyway we can add the tomcat sessionID to their page so that they can tell us where they are? Besides adding it to some common component of each page of the web site as Tim suggested, you could do any of the following: 1) Disable cookies and use URL rewriting, forcing the session ID into the URL (can't really recommend that). 2) Add a filter or valve to append the session ID to each response. 3) Have the users look in the cookie cache of the browser when they have a problem. Tim's suggestion or perhaps #3 would seem to be the simplest. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
The snippet I post was the snippet. (if you are using jsp) But it can have security side effects. A safer snippet might be this: %@ taglib uri=http://java.sun.com/jsp/jstl/functions; prefix=fn % ${(fn:split(pageContext.session.id, '.')[fn:length(fn:split(pageContext.session.id, '.'))-1])} Which splits the session id apart by '.' and typically - the last part of the session is the jvmroute (aka the server which served the request) Anyone with knowledge of JSTL should have no problem incorporating the above snippet. If you have trouble with the above - seek a trusted consultant for help. The money will be well spent. -Tim Chetan Chheda wrote: Thanks Tim and Chuck. Tim, Is this something a novice programmer like me can add to our Footer.jsp file? Can you add your recommendation to a code snippet , I would really appreciate it. Chuck, Can you tell me more about 2? How would the sessionId be displayed in the page with that method? Can you demonstrate that to me with a small example? 3 wont work as most of the users are business users and designers who are not that savvy. Thank you so much! Chetan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
I had to add %= request.getSession().getId()% for it to display the sessionId. Tim, Can you elaborate on what the side effects would be to display the full sessionId as compared to just the session route? Chetan From: Tim Funk funk...@apache.org To: Tomcat Users List users@tomcat.apache.org Sent: Monday, June 1, 2009 11:54:26 AM Subject: Re: User tracking/monitoring The snippet I post was the snippet. (if you are using jsp) But it can have security side effects. A safer snippet might be this: %@ taglib uri=http://java.sun.com/jsp/jstl/functions; prefix=fn % ${(fn:split(pageContext.session.id, '.')[fn:length(fn:split(pageContext.session.id, '.'))-1])} Which splits the session id apart by '.' and typically - the last part of the session is the jvmroute (aka the server which served the request) Anyone with knowledge of JSTL should have no problem incorporating the above snippet. If you have trouble with the above - seek a trusted consultant for help. The money will be well spent. -Tim Chetan Chheda wrote: Thanks Tim and Chuck. Tim, Is this something a novice programmer like me can add to our Footer.jsp file? Can you add your recommendation to a code snippet , I would really appreciate it. Chuck, Can you tell me more about 2? How would the sessionId be displayed in the page with that method? Can you demonstrate that to me with a small example? 3 wont work as most of the users are business users and designers who are not that savvy. Thank you so much! Chetan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
Already answered in this thread here: http://www.nabble.com/Re%3A-User-tracking-monitoring-p23792941.html -Tim Chetan Chheda wrote: I had to add %= request.getSession().getId()% for it to display the sessionId. Tim, Can you elaborate on what the side effects would be to display the full sessionId as compared to just the session route? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
On 29.05.2009 18:58, Tim Funk wrote: Add this to your footer? SESSION ID: ${pageContext.session.id} Beware though, that in some security sensitive contexts this is not adequate, e.g. if users print out or save pages and share those with others, session takeover is made much more simple (at least in cases they do not log out and the session timeout is long relative to the communication latency). If the name of the node is already enough, set a system property during startup to the name of the node (or some unique symbolic name) and only include the value of the system property on the page. You can also use the same system property to set the jvmRoute in server.xml. If you use jvmRoute as the name of the system property, the internal Tomcat jvmRoute will be automatically set from its value. To quickly identify the users in the access log: The support could tell customers to add ?garbage (choose your favourite marker) at the end of the URL and send it again. You will likely easily find this request in the logs (and thus get the IP etc.). Furthermore you can log the session id in the apache access logs via %{JSESSIONID}C or in the Tomcat logs via %S. Sou you can find the other requests from the garbage one by comparing logged session ids. Regards, Rainer Chetan Chheda wrote: All, In our production environment we load balance across 4 tomcats that are split among 2 physical servers. This is a high traffic website and we get calls from users for a number of support issues and for most of these issues the first step is to find out what tomcat instance they ended up in. Is there anyway we can add the tomcat sessionID to their page so that they can tell us where they are? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: User tracking/monitoring
Add this to your footer? SESSION ID: ${pageContext.session.id} -Tim Chetan Chheda wrote: All, In our production environment we load balance across 4 tomcats that are split among 2 physical servers. This is a high traffic website and we get calls from users for a number of support issues and for most of these issues the first step is to find out what tomcat instance they ended up in. Is there anyway we can add the tomcat sessionID to their page so that they can tell us where they are? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: User tracking/monitoring
From: Chetan Chheda [mailto:chetan_chh...@yahoo.com] Subject: User tracking/monitoring Is there anyway we can add the tomcat sessionID to their page so that they can tell us where they are? Besides adding it to some common component of each page of the web site as Tim suggested, you could do any of the following: 1) Disable cookies and use URL rewriting, forcing the session ID into the URL (can't really recommend that). 2) Add a filter or valve to append the session ID to each response. 3) Have the users look in the cookie cache of the browser when they have a problem. Tim's suggestion or perhaps #3 would seem to be the simplest. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org