Prevent Session Mix up - CTRL + N

Similar Messages

• Session trackion and ctrl n

  Hi
  i have a problem. i am using the servlet API for session trackin but when the user cliks ctrl+n a new
  browser window is opened and the session is copied .
  then the user can use twice the application.
  how can i prevent him continueing using the applicaion twice?
  please help.
  Dana

  Ok, now
  if the user presses Ctrl + N, it creates a new window, so , in for that
  just check at the top of the jsp
  page like this
  <%
  HttpSession session = request.getSession(false);
  %>
  this gets the session if it is already there, otherwise, it won't create a new one but return null so
  check like this:
  <%
  HttpSession session = request.getSession(false);
  if(session != null){
  //create one here
  }else{
  //notify that he is already using one...
  %>

• Session tracking and ctrl+n

  Hi
  i have a problem. i am using the servlet API for session trackin but when the user cliks ctrl+n a new
  browser window is opened and the session is copied .
  then the user can use twice the application.
  how can i prevent him continueing using the applicaion twice?
  please help.
  Dana

  I don't think u can block function KEYS in any
  browsers. You can block normal key pressed events
  using Javascript but function keys are overridden by
  the browser vendors code.Please people, stop posting guesses, as it is more time consuming to deprogram the people that try these inane methods than to show them how to do it right the first time.
  I've already posted how to do this in a simple javascript funtion. Now here's the equivalent in a Jscript funtion:
  <BODY onload="document.body.focus();" onkeydown="ctrlDown();">
  The event handler is defined as:
  function ctrlDown() {
  if (event.ctrlLeft) {
  alert("Left CTRL Pressed");
  else {
  if (event.ctrlKey) {
  alert("Right CTRL Pressed");
       document.body.focus();
  OK? Got it? Tried it? Yes it worked huh? Did you know you can trap any chars?
  Now while the rest of the know universe is trapping the CTRL key these two ways, you guys can continue to invoke methods, hide variables, and create additional jsp's to parse session beans set with useless properties.
  Frank Krul

• How to prevent session getting  killed

  Hi All,
  I am trying to execute a procedure which contains a long running query .
  The query takes so much time to execute that the session gets killed .
  Can anybody please let me know what should I do to prevent my session being killed/
  Is there any parameter to be set to do so?
  Many thanks in advance.

  try to avoid posting 2 questions for the same subject
  Can I alter the default profile

• How to prevent session sharing ???

  I am getting a problem when i access my application with different logins from same machine ( same browsers ) ,
  then old login session is updating with new login session,
  how can i prevent this session sharing?
  thanks in advance

  What's probably happening is that you use file cookies (cookies are stored in your file system).
  1. You log in from browser 1 as User A. The server sets a session cookie on your file system.
  2. You continue to work from browser 1. The session cookie gets sent in every request and all is fine.
  3. Now you open another browser and log in as User B. The server sets a session cookie identifying you as User B on your file system.
  4. This overwrites the cookie that was set earlier that identified you as User A The concept is that you can have only one cookie from a server for a specific purpose (session identification in this case)
  5. When you go back to browser 1 now and access the site, the second cookie gets sent (the one that identifies you as User B) and you are logged in as User B now.
  ram.

• Preventing automatic log out from Apex Developer session

  Hello,
  I've noticed that I am frequently being logged out of my Apex Developer session whenever I am tryng to 'return' to application builder after running/testing my application (using Apex Developer). It seems quite random as to whether it happens or not, but since migrating to Apex v4.2 it appears to be happening more frequently ( based on my first week of using this version). Is there any setting that can be applied to prevent this happening or to extend the timeout/inactivity period before it does happen,
  thanks in advance,
  Kevin.

  Login as INTERNAL / ADMIN and go to Manage Instance > Security. There, you can define the maximal
  Maximum Session Length in Seconds      
  The help says:
  "Enter a positive integer to control how many seconds an application session is allowed to exist. This setting is superceded by the application level setting. Leave the value null in order to revert to the default value of 8 hours (28800 seconds). Enter 0 to have the session exist indefinitely. This session duration may be superseded by the operation of the job that runs every hour which deletes sessions older than 12 hours."
  and the
  Maximum Session Idle Time in Seconds
  The help says:
  "Enter a positive integer to control how many seconds a session may remain idle for Oracle Application Express applications. This setting is superceded by the application-level setting. Leave the value null in order to revert to the default value of 1 hour (3600 seconds). Set to 0 to prevent session idle time checks from being performed."
  Denes Kubicek
  http://deneskubicek.blogspot.com/
  http://www.apress.com/9781430235125
  http://apex.oracle.com/pls/apex/f?p=31517:1
  http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
  -------------------------------------------------------------------

• How do I tell FiIrefox to only restore a sesson of more than one tab, and disregard the restore of a single tab session (ie. closing the browser)

  I am on the beta channel of Firefox (currently 17.0, by the about window) and I cannot seem to find a way to limit the size of a browsing session that is automatically restored when re-opening the browser. In the past, Firefox would only save sessions of more than one tab when closing the entire application, and ask me about restoring said session when restarted. Now, Firefox seems to treat a session of just a single tab the same, which is a preference I dislike, given that I use a blank start page to great effect.
  I am using a number of addons, including Tab Mix Plus, which specifically modifies tab behavior (although I have it configured to use Firefox's default session manager), but the problem persists even with all addons disabled.
  I cannot seem to find an option in about:config to change this behavior. Is this a permanent change within Firefox, and if so, is there or will there be an option to specify the number of tabs that constitute a session that will be automatically saved?

  Make sure that Firefox closes properly to prevent session restore from restoring a crashed session.
  *"Hang at exit": http://kb.mozillazine.org/Firefox_hangs
  *"Firefox hangs when you quit it": https://support.mozilla.org/kb/Firefox+hangs
  Use "Firefox/File > Exit" (Mac: "Firefox > Quit"; Linux: "File > Quit") to close Firefox if you are currently doing that by clicking the close X on the title bar.

• Sound and second x session

  Hi, everyone. I hope this is the right place to post this.
  I sometimes invoke a second x session by doing ctrl+alt+F1, logging in, and then startx -- :1
  For some reason I don't have any sound when I do this. Do any of you have any idea why this might be? I have sound set up so that multiple sound sources can be software mixed, and that works fine.
  I'm pretty sure this is a ConsoleKit issue, since my primary x session uses gdm, but I'm looking for a work around.
  Not using gdm isn't really an option because I couldn't figure out how to get user shutdown privileges set. Enabling gdm was the only way I could log in as a regular user and still shut down the system.

  Sounds like a regular 'sound server uses sound card alone' issue. You probably have to move a layer down to get sound in your second X session. Which DE are you using and how exactly have you set up the sound there?
  SignorRossi.

• CL_GUI_HTML_VIEWER need to open a different Browser session if one exists

  Hi All,
  I'm using the class  cl_gui_html_viewer for displaying a PDF in My program. However, if an Internet Explorer Session is already open, the HTLM_VIEWER created in my program is behaving more like a child of the already open browser (In other words, it works like pressing CTRL+N on the original window). But my requirement is to open a new Browser session altogether (Like Opening up another Internet Explorer Session).
  The reason i need to have this is because the PDF i display is based on an authenticated login. If a person is already logged in through the Stand alone IE browser, my program should not allow the same user to view it in the browser but authenticate again by prompting for a login. This is achieved by using different Browser sessions (not by CTRL+N).
  Please let me know if you have any thoughts on achieving this.
  Thanks in advance,
  Jr.

  where is this PDf coming from, is it from external source thru a url? can you pass uid/pwd to this PDF via url,
  if yes, pass a wrong uid/pwd thru the url , every time you load the pdf, in the html viewer control, this would always prompt for authntication box. other option is to delete the sso2 cookie,  you need to find a method to delete the cookie in your local machine created by calling this pdf from standalone browser.
  Raja

• I have "show a blank page" selected but since I've downloaded the latest version it always restarts with whatever pages and tabs I had open in the previous session. How do I fix this?

  I have just reloaded and no difference

  If you do not use "Show my windows and tabs from last time" then make sure that Firefox closes properly to prevent session restore from reopening a possibly crashed session.
  See "Hang at exit":
  * http://kb.mozillazine.org/Firefox_hangs
  * https://support.mozilla.com/kb/Firefox+hangs

• Possible session caching issue in SSRS2014

  Using custom FormsAuth, User A can sign into our own main asp.net mvc app (WIF cookie), then SSRS (FormsAuth cookie) and all is well.  Here is where things go bad.  User A signs out of our main application (WIF cookie deleted) then back in into
  our main application as User B then back into SSRS.  SSRS report that displays User!UserID show UserA instead of current User B.  Its like there is either a session or cookie caching issue going on but not for sure.  
  1. What is the proper way to sign out of SSRS and prevent session caching?
  2. Do I need to worry about making my SSRS logon page non-cacheable?  If so, what is the recommended way of doing this?
  thanks
  scott

  Hi scott_m,
  According to your description, you used custom FormsAuthentication in Reporting Services, after user A sign out the application an sign in as user B, SSRS built-in user is shows user A instead of user B.
  Based on my search, once we configured SSRS to use Custom (Forms) authentication by deploying a custom security extension, we can logon to MS Report Manager (MSRM) using credentials of our custom security framework via a logon web page. But there is no way
  to logout or to expire the authentication cookie, so we need to close the browser manually. As a workaround, we can add a logout button to the Report Manager which is using Forms Authentication, then use code to clear the cookie and redirect to home page.
  In addition, if you extend Reporting Services to use Forms Authentication, it’s better to use Secure Sockets Layer (SSL) for all communications with the report server to prevent malicious users from gaining access to another user's cookie. SSL enables clients
  and a report server to authenticate each other and to ensure that no other computers can read the contents of communications between the two computers. All data sent from a client through an SSL connection is encrypted so that malicious users cannot intercept
  passwords or data sent to a report server.
  Here is a relevant thread you can reference:
  https://social.msdn.microsoft.com/Forums/sqlserver/en-US/5e33949d-7757-45d1-9c43-6dc3911c3ced/how-do-you-logout-of-report-manager
  For more information about Forms Authentication, please refer to the following document:
  https://technet.microsoft.com/en-us/library/aa902691%28v=sql.80%29.aspx?f=255&MSPPError=-2147217396
  If you have any more questions, please feel free to ask.
  Thanks,
  Wendy Fu
  If you have any feedback on our support, please click
  here.
  Wendy Fu
  TechNet Community Support

• Session ID security

  Hi all,
  I have the following scenario. A user makes login using https into an administrative area of the webapp. Should I keep using
  https in the rest of the pages of the administrative area (currently no)?.
  Is it possible that other user could use the session id of the first user to get access to this area?.
  Thanks in advance.

  Also note that AOL can switch the client IP on the fly (or at least it used
            to), so it's dangerous to assume the IP is constant for a client..
            Peace,
            Cameron Purdy
            Tangosol, Inc.
            Clustering Weblogic? You're either using Coherence, or you should be!
            Download a Tangosol Coherence eval today at http://www.tangosol.com/
            "Simon Nunn" <[email protected]> wrote in message
            news:[email protected]..
            > Bob,
            >
            > For 5.1, the session id does not contain the clients IP. Basically, WLS
            > is generating a random session id.
            >
            > Thanks,
            > Simon Nunn
            > Developer Relations Engineer
            > BEA Support
            >
            > Bob Lee wrote:
            >
            > > Is the session ID generated by WebLogic associated with the client's IP
            > > address or something to prevent session hijacking?
            > >
            > > Thanks,
            > > Bob
            >
            

• Session Mixup

  Friends,
  I am using lotus notes for my mail. Lotus notes will also contain browser. If I send two requests for same page from my lotus notes. Session mixing up takes place. How can I overcome this situation.
  Thanks in advance.
  -Seetharam

  Why not create a HashTable which can be access globally,
  For example,
  (SessionID, request)
  (SessionID, response)
  insert a variable into it when the page (maybe a servlet) init

• Session stealing using cookies

  Hi,
  I was going through the article "Using Secure Cookies to Prevent Session Stealing" at http://e-docs.bea.com/wls/docs103/security/thin_client.html#wp1039551
  . And i was trying to setup WLAUTHCOOKIE_JSESSIONID cookie. But whatever is mentioned in this article is not available with my weblogic instance. I don't see any <WebServer> tag in the config.xml where i can set AuthCookieEnabled="true" .
  Can anyone help?

  yes, i have tried as ur suggestion. it wroks.
  but why i want use 'user_id + session_id' as the
  JSessionId is that :-- i assume that two user use one
  client to login the sever(of course one by one)
  although this happens unnormally. but u should think
  about it when it happens.
  so when two use one client machine, only single
  session is given.      Normally whenever a user is signing up as a different user from the same client the session must be invalidated before the user logs in. i.e the login page must contain a session.invalidate as such. This will make sure that u get a new sessionID even when a user logs in from the same client.
  Hope this helps!!!
  so the two user use same sessionID.
  so i add userid in front of session id. but it do not
  works well as you pointed the problem
  any suggestion?

• About session time out

  when i login to the webmail,session time out is randomly reported ,but I have set http.sessiontimeout to be a very large value,I there any suggestion??
  thanks

  If your users connect through a proxy or some form of load balancer, they may be coming from a variety of ip addresses. Since HTTP is "stateless", the originating ip address is part of what we call "ip security", and if the connection changes source ip, we time it out immediately, to prevent session hijacking.
  If this is what you're seeing, you can turn ip security off, and prevent these timeouts.
  configutil -o service.http.ipsecurity -v off