There is also similar code in FormAuthenticator.forwardToLoginPage(). Though if anyone really want to debug such issues, I'd recommend to write a listener for the event sent by ManagerBase.changeSessionId(). For Tomcat 8 that would be a javax.servlet.http.HttpSessionIdListener. We may add one to the examples webapp.
2013/11/29 <ma...@apache.org>: > Author: markt > Date: Fri Nov 29 18:45:09 2013 > New Revision: 1546621 > > URL: http://svn.apache.org/r1546621 > Log: > Add a debug message when the session ID changes on authentication > > Modified: > tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java > > tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties > > Modified: > tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java?rev=1546621&r1=1546620&r2=1546621&view=diff > ============================================================================== > --- > tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java > (original) > +++ > tomcat/trunk/java/org/apache/catalina/authenticator/AuthenticatorBase.java > Fri Nov 29 18:45:09 2013 > @@ -724,9 +724,17 @@ public abstract class AuthenticatorBase > > if (session != null) { > if (changeSessionIdOnAuthentication) { > + String oldId = null; > + if (log.isDebugEnabled()) { > + oldId = session.getId(); > + } > Manager manager = request.getContext().getManager(); > manager.changeSessionId(session); > request.changeSessionId(session.getId()); > + if (log.isDebugEnabled()) { > + log.debug(sm.getString("authenticator.changeSessionId", > + oldId, session.getId())); > + } > } > } else if (alwaysUseSession) { > session = request.getSessionInternal(true); > > Modified: > tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties > URL: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties?rev=1546621&r1=1546620&r2=1546621&view=diff > ============================================================================== > --- > tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties > (original) > +++ > tomcat/trunk/java/org/apache/catalina/authenticator/LocalStrings.properties > Fri Nov 29 18:45:09 2013 > @@ -14,6 +14,7 @@ > # limitations under the License. > > authenticator.certificates=No client certificate chain in this request > +authenticator.changeSessionId=Session ID changed on authentication from > [{0}] to [{1}] > authenticator.formlogin=Invalid direct reference to form login page > authenticator.loginFail=Login failed > authenticator.manager=Exception initializing trust managers > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
