Eero,

Eero Nevalainen wrote:
> The application itself is nothing fancy. The login controller hits the
> database, puts a "user" key in session with some user-specific data,
> and after that, a front filter checks for the existence of the key for
> login-restricted URLs. After that, it's just a matter of getting the
> username from the session-stored object for subsequent queries.

I would recommend installing an HttpSessionAttributeListener with
something like this for the implementation:

    public void attributeReplaced(HttpSessionBindingEvent se)
    {
        if("user".equals(se.getName()))
        {
            System.err.println("'user' object was replaced in"
                               + " the session.");
            // In attributeReplaced(), getValue() returns the old value.
            System.err.println("Old value: " + se.getValue());
            // The session already holds the new value at this point.
            System.err.println("New value: "
                               + se.getSession().getAttribute("user"));

            // Print the call stack of the code that replaced the attribute.
            new Throwable("User replaced!").printStackTrace();
        }
    }

This will log an error message and complete stack trace whenever a user
is replaced in the session, and you'll be able to see which user was
replaced with which new one.

This should at least give you a place to start.

-chris
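Added example, not part of the original message: a complete listener class built around the same idea, which audits every change to the "user" attribute and raises a SEVERE entry with a stack trace only when the stored identity actually changes. The class name, the log wording and the use of equals() on the stored object are assumptions; the imports use the javax.servlet namespace (Tomcat 9 and earlier; Tomcat 10 and later use jakarta.servlet).

```java
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;

// Hypothetical class name; audits changes to the "user" session attribute.
public class UserAttributeAuditListener implements HttpSessionAttributeListener {
    private static final Logger LOG =
        Logger.getLogger(UserAttributeAuditListener.class.getName());
    private static final String KEY = "user"; // attribute name from the thread

    // 32-bit hash of the session ID: enough to correlate log lines
    // without writing the session ID itself to the log.
    private static String tag(HttpSessionBindingEvent se) {
        return Integer.toHexString(se.getSession().getId().hashCode());
    }

    @Override
    public void attributeAdded(HttpSessionBindingEvent se) {
        if (KEY.equals(se.getName())) {
            LOG.info("session " + tag(se) + ": user set to " + se.getValue());
        }
    }

    @Override
    public void attributeRemoved(HttpSessionBindingEvent se) {
        if (KEY.equals(se.getName())) {
            LOG.info("session " + tag(se) + ": user removed: " + se.getValue());
        }
    }

    @Override
    public void attributeReplaced(HttpSessionBindingEvent se) {
        if (!KEY.equals(se.getName())) return;
        Object oldUser = se.getValue();                     // value before the replace
        Object newUser = se.getSession().getAttribute(KEY); // value after it
        if (Objects.equals(oldUser, newUser)) {             // assumes a meaningful equals()
            LOG.fine("session " + tag(se) + ": same user stored again");
            return;
        }
        // Identity changed inside one live session: record both values and
        // the call stack of the code that called setAttribute().
        LOG.log(Level.SEVERE, "session " + tag(se) + ": user changed from "
            + oldUser + " to " + newUser, new Throwable("user replaced"));
    }
}
```

The class is registered with a <listener> element in the web application's web.xml. If the stored user object does not override equals(), compare usernames extracted from it instead.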