Use Tomcat manager for session management

Contains tips for configurators working with Aware IM

Post by hpl123 »

Hi all,
Here is a tip on how to use the Tomcat session manager to look over Tomcat sessions etc.
1. Add a user for the manager to the file "C:\AwareIM\Tomcat\conf\tomcat-users.xml". The format for the user is: <user username="admin" password="password" roles="standard,manager-gui" />
2. Go to http://localhost:8080/manager/html and log on.

Documentation: ... howto.html

It looks like we can look at sessions and do various operations related to sessions, and also look at some overall server stats, so this can be a valuable tool for performance etc. monitoring.

I never knew something like this existed and don't know much about it, so if anyone (or support) has some more details and potential security concerns with accessing, using etc. this, please comment and share any tips you have on how to use this tool.

PS: Be careful when clicking and messing around in the manager; I have no clue what can happen or cause problems for servers/apps.
Henrik (V8 Developer Ed. - Windows)

Re: Use Tomcat manager for session management

Post by Jaymer »

I played with this a year ago when I was having sessions invalidated by calling my own app's REST from inside the app. Since then I remember having some other issue, and Vlad told me specifically he knew nothing about the 2 Tomcat manager tools.

Also, since those are present in every install, I rename mine. Even though it has the security tokens in the XML, if you rename "manager" and "host-manager", then they can't even attempt to be hacked. Just 1 more [minor] level of hardening.
Aware Programming & Consulting - Tampa FL
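
Added example (not part of the thread, and not Aware IM or Tomcat code): a Python audit of the two points raised above, namely accounts in tomcat-users.xml that hold a manager role with a guessable password, and manager apps still deployed under their default names. The weak-password list, the 12-character minimum and the webapps location are assumptions; the sample XML is constructed from the user line in the first post.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Roles that grant access to Tomcat's Manager and Host Manager applications.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                 "manager-status", "admin-gui", "admin-script"}
WEAK_PASSWORDS = {"", "password", "admin", "tomcat", "manager", "changeit"}  # assumed list
MIN_LENGTH = 12  # assumed local policy, not a Tomcat setting

# Constructed sample: first <user> is the line from the post, the others are invented.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <user username="admin" password="password" roles="standard,manager-gui" />
  <user username="ops" password="Vq7#constructed-long-value" roles="manager-status" />
  <user username="guest" password="guest" roles="standard" />
</tomcat-users>"""

def audit_users(xml_text):
    """Return (username, manager_roles, problems) for accounts holding a manager role."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Newer tomcat-users.xml files declare a default namespace; compare local names.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = el.get("username", "")
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        granted = sorted(roles & MANAGER_ROLES)
        if not granted:
            continue  # account cannot reach the manager apps
        pw = el.get("password", "")
        problems = []
        if pw.lower() in WEAK_PASSWORDS or pw.lower() == name.lower():
            problems.append("guessable password")
        elif len(pw) < MIN_LENGTH:
            problems.append("short password")
        findings.append((name, granted, problems))
    return findings

def default_named_apps(webapps_dir):
    """List manager apps still present under their default names (directory or .war)."""
    base = Path(webapps_dir)
    return [n for n in ("manager", "host-manager")
            if (base / n).is_dir() or (base / (n + ".war")).is_file()]

if __name__ == "__main__":
    for name, granted, problems in audit_users(SAMPLE):
        print(name, granted, problems or "ok")
    # Assumed location, derived from the conf path in the post.
    print(default_named_apps(r"C:\AwareIM\Tomcat\webapps"))
```

If the realm is configured to store digested passwords, the password attribute holds a hash and the password checks here do not apply.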