OFBiz › OFBiz - Dev

sessionId in logs

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

3 messages Options

Jacques Le Roux

sessionId in logs

Administrator

Hi,

As I wrote at https://issues.apache.org/jira/browse/OFBIZ-6867

<<There are many cases where we show the sessionId in logs (using UtilHttp.getSessionId()) I wonder if we should not keep those commented out or
change the debug info level.
Also HttpSessionEvent.getSession().getId() is directly used in some places for the same purpose (log)>>

Note: UtilHttp.getSessionId() is only used in RequestHandler.java

Despite we secured the log access at r1489461, I'm more for commenting out. We could also make this dependent of a properties to quickly allow to see
these information in logs.

What are your opinions?

Jacques

Gil Portenseigne

Re: sessionId in logs

Hi,

I never used/looked for sessionId in log, and i don't see the benefit yet. So i'm more for commenting out.

Do someone ever used this info ? In which case ?

Gil

On 04/02/2016 11:30, Jacques Le Roux wrote:

Hi,

As I wrote at https://issues.apache.org/jira/browse/OFBIZ-6867

<<There are many cases where we show the sessionId in logs (using UtilHttp.getSessionId()) I wonder if we should not keep those commented out or change the debug info level.
Also HttpSessionEvent.getSession().getId() is directly used in some places for the same purpose (log)>>

Note: UtilHttp.getSessionId() is only used in RequestHandler.java

Despite we secured the log access at r1489461, I'm more for commenting out. We could also make this dependent of a properties to quickly allow to see these information in logs.

What are your opinions?

Jacques

Jacques Le Roux

Re: sessionId in logs

Administrator

I must say I relied on it while working on issues with load-balancing. Apart that I can't see any other use.
So that's why I finally suggest a properties to opt in, false by default

Jacques

Le 04/02/2016 11:45, gil portenseigne a écrit :

> Hi,
>
> I never used/looked for sessionId in log, and i don't see the benefit yet. So i'm more for commenting out.
>
> Do someone ever used this info ? In which case ?
>
> Gil
>
> On 04/02/2016 11:30, Jacques Le Roux wrote:
>> Hi,
>>
>> As I wrote at https://issues.apache.org/jira/browse/OFBIZ-6867
>>
>> <<There are many cases where we show the sessionId in logs (using UtilHttp.getSessionId()) I wonder if we should not keep those commented out or
>> change the debug info level.
>> Also HttpSessionEvent.getSession().getId() is directly used in some places for the same purpose (log)>>
>>
>> Note: UtilHttp.getSessionId() is only used in RequestHandler.java
>>
>> Despite we secured the log access at r1489461, I'm more for commenting out. We could also make this dependent of a properties to quickly allow to
>> see these information in logs.
>>
>> What are your opinions?
>>
>> Jacques
>>
>