Announcement

Collapse
No announcement yet.

Apache Session Logs

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Apache Session Logs

    How to Log session id into Apache access log.

    I need to maintain the session based logs.

    Client may use web browser or their own client(like win32 application).

    Here how to keep session id in the log file.

    Any parameter is there like "%sessionID%" to log session ID ???

    Thanks in advance.

  • #2
    Subversion doesn't track "sessions" in the first place. HTTP is stateless, and sessions/state are kludged on via cookies or querystrings; Subversion doesn't use cookies, and querystrings would just make handling requests more cumbersome.

    Comment


    • #3
      Then how can i get Session ID ??? or
      not possible to get Session ID ??

      Comment


      • #4
        There is no session ID to be had. You can't get that which does not exist. Why do you think you need it?

        Comment


        • #5
          Bcoz I need to log particular user from Login to logout. & the same user may login from another client. so That time i need to differentiate those two Logs. How its possible. Bcoz here Client IP & user name is same... the client application is only different.

          Comment


          • #6
            Originally posted by satheesh View Post
            Bcoz I need to log particular user from Login to logout. & the same user may login from another client. so That time i need to differentiate those two Logs. How its possible. Bcoz here Client IP & user name is same... the client application is only different.
            Once again, this is not possible. There is no "login" and "logout" for Subversion. That implies that a persistent connection exists between the client and server, and that is not the case with Subversion. For each request, the user is authenticated & authorization checks are performed. Then the connection is terminated. There is no "logout". Period.

            And because all clients use the same libraries behind the scenes, you won't see a different "client application" get logged anyway. It'll be identified the same way each time.

            You're still not explaining the root of all of this - why do you think you need to track this in the first place? Why does it matter what client someone is using? Why does any of this matter at all?

            Comment


            • #7
              For example,
              The user harry using the repository in 10.0.0.1 via web-browser(Reading the files). The same time harry using same repository in the same ip with their own application(Adding File,commit). Here how can i differentiate these two access. I need to differentiate.

              Did u understand ??? Pls give me an idea to do this.
              Last edited by satheesh; 08-16-2012, 01:45 PM.

              Comment


              • #8
                Originally posted by satheesh View Post
                For example,
                The user harry using the repository in 10.0.0.1 via web-browser(Reading the files). The same time harry using same repository in the same ip with their own application(Adding File,commit). Here how can i differentiate these two access. I need to differentiate.
                That is a completely different goal than you originally laid out. And the reason why I keep asking the same questions over and over. When you say "client" around here, that is understood to mean Subversion client.

                With the Subversion web view, you still have no "login" and "logout" because, just like any other HTTP activity, it's stateless and those notions are managed by cookies & server-side tracking which Subversion's Apache modules don't do.

                Why does this even matter?

                You're approaching it backwards. A web browser will send an easily-identifiable user-agent string. As long as Apache is configured to log that, you can search for the web browser's UA string vs. another UA string (or none at all). But a savvy/malicious user can forge that trivially if he wants to, to avoid detection. And if you're using this as some way to monitor/trace the activity of your users because you don't trust them to do their jobs right, the ones who have something to hide will figure this out and find a way around it.

                Comment


                • #9
                  Ya in Web browser its like other http activity.

                  But here the users are using their own application. thorough their application they may add files, commits... So in that case & one user open multiple instance of application & using the same repository or using different application(own). here there is any way to differentiate those multiple instant access.

                  Comment


                  • #10
                    Originally posted by satheesh View Post
                    But here the users are using their own application. thorough their application they may add files, commits... So in that case & one user open multiple instance of application & using the same repository or using different application(own). here there is any way to differentiate those multiple instant access.
                    How many times do I have to say "no" before you understand it? Unless you can get a unique identifier sent by each client and logged by the server (like a UA string), it cannot be done.

                    Why does this even matter in the first place? The end result should be all that matters - the state of the repository.

                    Comment

                    Working...
                    X