BZ 66183. Log all values for given cookie, not just the first.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66183 Based on #541 by Han Li.
apache · Aug 23, 2022 · cbf884c · cbf884c
1 parent f2f8c90
commit cbf884c
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 8 deletions.
diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -1545,17 +1545,26 @@ public CookieElement(String cookieNameToLog) {
         @Override
         public void addElement(CharArrayWriter buf, Date date, Request request,
                 Response response, long time) {
-            String value = "-";
+            StringBuilder value = new StringBuilder();
+            boolean first = true;
             Cookie[] cookies = request.getCookies();
             if (cookies != null) {
                 for (Cookie cookie : cookies) {
                     if (cookieNameToLog.equals(cookie.getName())) {
-                        value = cookie.getValue();
-                        break;
+                        if (first) {
+                            first = false;
+                        } else {
+                            value.append(',');
+                        }
+                        value.append(cookie.getValue());
                     }
                 }
             }
-            escapeAndAppend(value, buf);
+            if (value.length() == 0) {
+                buf.append('-');
+            } else {
+                escapeAndAppend(value.toString(), buf);
+            }
         }
     }
 

diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
@@ -64,7 +64,7 @@
  * <li><code>time-taken</code>:  Time (in seconds) taken to serve the request</li>
  * <li><code>x-threadname</code>: Current request thread name (can compare later with stacktraces)</li>
  * <li><code>x-A(XXX)</code>: Pull XXX attribute from the servlet context </li>
- * <li><code>x-C(XXX)</code>: Pull the first cookie of the name XXX </li>
+ * <li><code>x-C(XXX)</code>: Pull the cookie(s) of the name XXX </li>
  * <li><code>x-O(XXX)</code>: Pull the all response header values XXX </li>
  * <li><code>x-R(XXX)</code>: Pull XXX attribute from the servlet request </li>
  * <li><code>x-S(XXX)</code>: Pull XXX attribute from the session </li>
@@ -298,12 +298,24 @@ public CookieElement(String name) {
         @Override
         public void addElement(CharArrayWriter buf, Date date, Request request,
                 Response response, long time) {
+            StringBuilder value = new StringBuilder();
+            boolean first = true;
             Cookie[] c = request.getCookies();
             for (int i = 0; c != null && i < c.length; i++) {
                 if (name.equals(c[i].getName())) {
-                    buf.append(wrap(c[i].getValue()));
+                    if (first) {
+                        first = false;
+                    } else {
+                        value.append(',');
+                    }
+                    value.append(c[i].getValue());
                 }
             }
+            if (value.length() == 0 ) {
+                buf.append('-');
+            } else {
+                buf.append(wrap(value.toString()));
+            }
         }
     }
 

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -128,6 +128,12 @@
         MemoryUserDatabase.save(). Deprecate and discontinue use of MemoryUser,
         MemoryRole, and MemoryGroup classes. (schultz)
       </fix>
+      <fix>
+        <bug>66183</bug>: When logging cookie values in an access log valve and
+        there are multiple cookies with the same name, log all cookie values
+        rather than just the first. Based on pull request <pr>541</pr> by Han
+        Li. (markt)
+      </fix>
       <fix>
         <bug>66184</bug>: Ensure that JULI root loggers have a default level of
         <code>INFO</code>. Pull request <pr>533</pr> provided by Piotr P.

diff --git a/webapps/docs/config/valve.xml b/webapps/docs/config/valve.xml
@@ -331,7 +331,7 @@
         connection peer address (<code>xxx=peer</code>)</li>
     <li><b><code>%{xxx}i</code></b> write value of incoming header with name <code>xxx</code> (escaped if required)</li>
     <li><b><code>%{xxx}o</code></b> write value of outgoing header with name <code>xxx</code> (escaped if required)</li>
-    <li><b><code>%{xxx}c</code></b> write value of cookie with name <code>xxx</code> (escaped if required)</li>
+    <li><b><code>%{xxx}c</code></b> write value of cookie(s) with name <code>xxx</code> (comma separated and escaped if required)</li>
     <li><b><code>%{xxx}r</code></b> write value of ServletRequest attribute with name <code>xxx</code> (escaped if required)</li>
     <li><b><code>%{xxx}s</code></b> write value of HttpSession attribute with name <code>xxx</code> (escaped if required)</li>
     <li><b><code>%{xxx}p</code></b> write local (server) port (<code>xxx==local</code>) or
@@ -493,7 +493,7 @@
     <li><b><code>cs(XXX)</code></b> for incoming request headers with name XXX</li>
     <li><b><code>sc(XXX)</code></b> for outgoing response headers with name XXX</li>
     <li><b><code>x-A(XXX)</code></b> for the servlet context attribute with name XXX</li>
-    <li><b><code>x-C(XXX)</code></b> for the first cookie with name XXX</li>
+    <li><b><code>x-C(XXX)</code></b> for the cookie(s) with name XXX (comma separated if required)</li>
     <li><b><code>x-O(XXX)</code></b> for a concatenation of all outgoing response headers with name XXX</li>
     <li><b><code>x-P(XXX)</code></b> for the URL encoded (using UTF-8) request parameter with name XXX</li>
     <li><b><code>x-R(XXX)</code></b> for the request attribute with name XXX</li>