Session and cookies

Similar Messages

• XSQL Session and Cookies

  Hi, Steven,
  I have a question about cookies parameters in include-parameters.
  When set the following in my xsql file:
  <xsql:set-session-param name="current_user" value="{@sessionid}"/>
  <xsql:include-param name="mode"/>
  <xsql:include-request-params/>
  In the xml output, it looks like this.
  <request>
  <parameters>
  </parameters>
  <session/>
  <cookies/>
  </request>
  How come the session and cookies values are not appeared in XML file? However, if I reload the xsql file, the session and cookies values are there. Any idea what might be wrong or it is what should be?
  Thanks in advance.
  Julie Zhu

  I'd expect the cookies not to show up until the page request after the one in which they are set. This is correct since setting the cookies is something that's done on the response. Reading the cookies is reading them from the request.
  Regarding the session variables, it's
  always important to say what Web Servlet / Servlet Engine you're using XSQL with. Perhaps the setting of Servlet session variables behaves differently on different servers.

• APEX 4.1 - Problem with session and cookie

  Hi,
  I have 2 applications with both public pages and pages needs authentication. The 2 apllication have same authentication model and are using subscription to have like an SSO. So they share the same cookie.
  My problem is when i'm loged on the first application and open a new navigator tab to go into a public page of the second without passing the session id, My session on the first application is not valid any more and i must login again.
  I'm migrating all my applications from apex 3.1 to apex 4.1. Before this upgrade all my applications worked fine.
  Thanks.

  Hi,
  have you implemented your own custom authentication scheme or are you using a built-in one? If you have a custom authentication scheme, can you setup an example on apex.oracle.com and provide the workspace name and application id so that we can have a look.
  Regards
  Patrick
  My Blog: http://www.inside-oracle-apex.com
  APEX Plug-Ins: http://apex.oracle.com/plugins
  Twitter: http://www.twitter.com/patrickwolf

• Difference between session  and cookie?

  what for they use?

  If we're talking web application context:
  Each web browser transaction is a separate connection, so the web server often needs to be able to keep track of which comes from which browser, to tie the individual transactions into a conversation. The most popular underlying mechanism is cookies. The server sends the browser a cookie as part of the first transaction response and, thereafter, every time the browser sends a transaction it includes the cookie. Cookies typically contain random strings of characters which uniquely label the browser.
  A Session object is used in Serlvets and JSPs as a higher level abstraction of the same thing. The session object retains data about the conversation between transactions. The web server normally implements this by automatically creating a random cookie associated with the Session object and, whenever a transaction is received, it looks for the cookie and finds the relavant session object.

• I need java application to read session and cookie requests

  Hi
  I have a java application that can the HTML and links etc but is there a way for the application to
  a. retrieve cookies when they are given and
  b. know when the cookie is requested
  c. present the cookie when when they are requested
  d. retrieve session variables when they are given and
  e. know when the cookie is requested
  f. present them when they are requested
  Or is there a component out there where i can look at the code if it's complex
  stev

  Sure, the cookie is in the HTTP headers, so you don't really need anything special to handle cookies.
  A starting point for further studies is:
  http://home.netscape.com/newsref/std/cookie_spec.html

• How to use session and cookies in struts

  I have login page. If user enters his username and password go to other page. then i copy this url and put the address bar automatically go to this page without enter username and password. So this time i want to send one message "Your session is expired". How can i tell this message page in struts. Please tell me.

  I don't want to sound like a jerk (but I often do), but wouldn't it be easier to look for a good struts manual to look this stuff up in?
  If each time you don't know something you ask people in this forum to explain it to you then you'll be developing for a LONG time. If you do find a good manual (hint: a book might help a lot), then your lack of struts knowledge isn't really a problem anymore.

• Depent on session and cookies...

  why i can use two facebook or two email at a time?  any idea to change the procedure(program) is possible to work.  
  why can to do this concept.......................?
  note::   " only same browser"

  Can't tell what you're asking about but try them possibly over here.
  http://social.msdn.microsoft.com/Forums/ie/en-US/home?category=iedevelopment
  https://developers.facebook.com/
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Please help me-it's urgent,maintaining session and security using cookies.

  hi folks,
  i presently developing a web site for an engineering colleege ,i am facing prob in maintaining the session using cookies,and destroying a cookie and keeping security to the user,There are four links on my webpage ,including a logout link,when i click the other links other than the logout,it works perfectly,and when i click the logout link,i am not able to disable the cookie and still able to visit previous pages by clicking the back button.please give a suggestion as such to disable the cokie and maintain the security for my web site.
  Thank u....

  Try out this login if it helps you.
  Create a bean that stores some String value. Then make a object of this bean using the useBean tag with session scope when a user logs in. Store the name of the user in the bean and also set the same name value in the Session object. Then on every JSP page compare the value set in the session object with the bean variable (which will be having a session scope). If the value match, then the JSP page output must be displayed to the user. Then on the logout link, invalidate the session object using the invalidate() method of the session class. As a result now when you will try to navigate back to the old JSP page, null will be returned to you when you will try to retrive the name value from the session object. And since this null will not match with the value in the bean, you should not proceed further with generating the output. Hope this help
  Nirav ([email protected])

• Sessions, URL Rewriting, and Cookies

  First some background, then some questions:
            BACKGROUND
            I have written an application framework to use with JSP/EJB/Servlet
            based applications. This framework does URL rewriting
            (response.encodeUrl) for all URLs generated by the application, and I
            have URL-based session support turned on in WebLogic.
            Despite the fact that my browser is set to support cookies on my test
            machines, I have noticed that intermittently the URL rewriting to
            support session IDs kicks in. Then, later, it goes away again. This
            would seem to indicate that the client browsers are (for no apparent
            reason) deciding to occasionally not support sessions with cookies, so
            that the server has to step in and do URL writing instead.
            QUESTIONS
            1. Has this sort of behavior been reported by anyone else?
            2. Is there a servlet/JSP API anywhere that I can call on a per-HTTP
            transaction basis to see if the browser that is participating in the
            transaction is at that moment supporting cookies?
            3. There are times when my framework needs to delete a cookie by setting
            its maxAge to 0. Most of time time this works, but (as with the session
            ID/URL rewriting above) occasionall the cookie does not get deleted on
            the client brower machine. This screws up some of the application logic
            that I have in the framework. Is this related to the problems listed
            above?
            CONCLUSION
            Any and all information is appreciated, from anyone. Thanks!
            Chris
            

            Hi,
            To answer your question #1, yes I have seen this behaviour, and
            the explanation I feel is as follows.
            1] You access a resource on WL Server & it starts a session, at
            this moment it is not sure whether the browser supports cookies
            so it uses both methods, URL Writing & cookies to store the session
            ID
            2] On the next request, it tries to read the cookie, if it is able
            to read it that means cookies are enabled and there is no need
            to continue with URL Rewriting else it continues wioth URLRewriting.
            To answer Question #2, you can follow a procedure similiar to above
            to find out if browser supports cookies, ie set a cookie & in the
            next request try to read teh value.
            As far as Question #3 is concerned, try setting the magAge to -12
            hours insteda of 0 so that there is no problem even in case of
            a time difference.
            hope this helps
            Rahul
            Chris Dole <[email protected]> wrote:
            >First some background, then some questions:
            >
            >BACKGROUND
            >I have written an application framework to use with JSP/EJB/Servlet
            >based applications. This framework does URL rewriting
            >(response.encodeUrl) for all URLs generated by the application,
            >and I
            >have URL-based session support turned on in WebLogic.
            >
            >Despite the fact that my browser is set to support cookies
            >on my test
            >machines, I have noticed that intermittently the URL rewriting
            >to
            >support session IDs kicks in. Then, later, it goes away
            >again. This
            >would seem to indicate that the client browsers are (for
            >no apparent
            >reason) deciding to occasionally not support sessions
            >with cookies, so
            >that the server has to step in and do URL writing instead.
            >
            >QUESTIONS
            >1. Has this sort of behavior been reported by anyone else?
            >
            >2. Is there a servlet/JSP API anywhere that I can call
            >on a per-HTTP
            >transaction basis to see if the browser that is participating
            >in the
            >transaction is at that moment supporting cookies?
            >
            >3. There are times when my framework needs to delete a
            >cookie by setting
            >its maxAge to 0. Most of time time this works, but (as
            >with the session
            >ID/URL rewriting above) occasionall the cookie does not
            >get deleted on
            >the client brower machine. This screws up some of the
            >application logic
            >that I have in the framework. Is this related to the problems
            >listed
            >above?
            >
            >CONCLUSION
            >Any and all information is appreciated, from anyone. Thanks!
            >
            >Chris
            >
            

• I set cookie permissions for a domain to "Allow for session" and at a later time it has changed to "Allow first party only" and now allows persistent cookies.

  As it says above, I have cookies set to always ask. I go to a domain (i.e. google) and it asks and I allow for session only. Some time later it will change to "first party only" and start to allow persistent cookies for the domain.

  Hello,
  Many site issues can be caused by corrupt cookies or cache. In order to try to fix these problems, the first step is to clear both cookies and the cache.
  Note: ''This will temporarily log you out of all sites you're logged in to.''
  To clear cache and cookies do the following:
  #Click the menu button [[Image:New Fx Menu]], choose History, and then Clear Recent History....
  #Under "Time range to clear", select "Everything".
  #Now, click the arrow next to Details to toggle the Details list active.
  #From the details list, check ''Cache'' and ''Cookies'' and uncheck everything else.
  #Now click the ''Clear now'' button.
  Further information can be found in the [[Clear your cache, history and other personal information in Firefox]] article.
  Did this fix your problems? Please report back to us!
  Thank you.

• PPR and session timeout cookie

  Scott,
  Is there anyway of getting the PPR functionality to update the session timeout cookie whenever a PPR request is made???
  Thanks..

  I am using your session timeout function from otn.
  I am using it to timeout after a set period of inactivity, every time the page is redrawn the cookie time is updated.
  I am calling this function from the 'Session Verify Function' field in the authentication scheme, and initially setting the cookie on login.
  I believe that the cookie only gets updated when the page is re-drawn and the Session Verify Function is run??
  On a PPR request only part of the page is refreshed, the page header remains unaffected, which means the user can be active on a page without refreshing the timeout value on the cookie?
  (Not a major problem, but would be nice to be able to update the cookie on a PPR request as well)
  Thanks..

• Jsp, jrun and cookies

  I have i problem with ie6 and cookies
  We have a web server with jrun3.1 and database server sqlserver2000.
  For ie6, session variable is like a cookies and block it...
  When i use services from Web site "A" by using a frameset (or portal) on Web site "B", cookies that Web site A tries to set may be blocked at the default medium privacy level.
  The only way to solve this problem is to force the user to set your privacy level to low or to accept all cookies
  Is there any solution to solve this problem?
  Thanks for your answer.
  Pascal

  For ie6, session variable is like a cookies and block it...Not true at all. The session variable can be used just fine in IE6.
  I'm running the exact same setup as you, and I have never had any problems with accepting cookies on the default Medium privacy level, but a quick glimpse at the privacy settings shows...
  --Blocks third party cookies that do not have a compact privacy.
  --Blocks third party cookies that use personally identifiable information without your explicit consent.
  Your cookies need to either fit these restrictions, or else they will be blocked at this security setting. Setting it to low will allow the cookies, but the user will be prompted each time one is attempted to be saved.
  If you're attempting to access the session variable from one web server in another, you're opening up a whole new can of worms, since the session is much more than just a cookie stored on the client.

• Sticky sessions and Load Balancing in WL Clusters

  We are using iPlanet Web Server 4.1 with WebLogic App Server; and would like
  to implement load balancing with sticky sessions and in-memory state
  replication.
  The documentation in Weblogic says that -
  When using in-memory state replication, your WebLogic Server Cluster must
  live behind one or more proxy servers. The proxy servers are smart enough to
  send servlet requests, belonging to the same HTTP session, back to the same
  server in the cluster that holds the session data.
  (Ref: http://www.weblogic.com/docs51/cluster/setup.html)
  Does this mean that the sticky session configuration has to be done on the
  iPlanet Web Server itself ?
  Also, if WebLogic is used as the Web server, does WebLogic provide any
  support for sticky sessions?
  Any help, suggestions or links to useful info are welcome.
  Regards,
  Milind.

  Mike,
  im curious as to why you would recomend using weblogic as a web server in 6.1?
  I would not for the following reasons:
  - it costs 10x more per cpu list
  - it doesnt support hardware accell cards (afaik, please let me know if this has
  changed)
  iplanet is really good a serving up static html and gif's, especially in ssl if you
  have a hardware accell card. So if you have a site with lots of graphics and you use
  ssl a lot, I think its still a better solution.
  -Joel
  Mike Reiche wrote:
  You get sticky round-robin by default.
  You need to have session tracking turned on (i think it is on by default). You
  need to have the WL plugin configured in iPlanet.
  When WL creates an httpSession, it writes a cookie (or rewrites the URL) back
  to the browser. On subsequent requests, the browser sends the cookie and iPlanet
  plug-in directs the request to the correct WL instance based on the ip address
  of the WL server embedded in the cookie.
  If you are using WLS 6.1, I would recommend using it as a web server (and not
  using iPlanet). I imagine that it supports stickly load balancing as well.
  Mike
  Joel Nylund <[email protected]> wrote:
  you get round robin by default, if you want a different scheme you can
  use one
  of the other 3 options (weight, random or parameter).
  -Joel
  I think weight can be set in weblogic properties. I havent used any other
  than
  round robin.
  Milind Prabhu wrote:
  We are using iPlanet Web Server 4.1 with WebLogic App Server; and wouldlike
  to implement load balancing with sticky sessions and in-memory state
  replication.
  The documentation in Weblogic says that -
  When using in-memory state replication, your WebLogic Server Clustermust
  live behind one or more proxy servers. The proxy servers are smartenough to
  send servlet requests, belonging to the same HTTP session, back tothe same
  server in the cluster that holds the session data.
  (Ref: http://www.weblogic.com/docs51/cluster/setup.html)
  Does this mean that the sticky session configuration has to be doneon the
  iPlanet Web Server itself ?
  Also, if WebLogic is used as the Web server, does WebLogic provideany
  support for sticky sessions?
  Any help, suggestions or links to useful info are welcome.
  Regards,
  Milind.

• Setting secure on session management cookie only in production

  I am faced with the following:
  In our developmentcycle we deliver full application exports to an acceptation environment and after testing to a production environment.
  However, only our production site does HTTPS. Development and acceptation only do HTTP.
  In production we have to set the "secure"flag on the session management cookie.
  We would like to set this flag in our deployment scripts.
  So,
  Is there an API we could use to set the "Secure" flag in the APEX metadata using SQL*Plus?

  hi
  ->Use request.getParameter(String s) to recieve the infomation from the html page into your servlet.for storing session specific info go for
  session.setAttribute(vble,value;
  hope it'll solve your problem.

• Users forced to clear cache and cookies after server move

  We recently moved our ColdFusion 9 website from one server to a new and improved upgraded spec server. The site works great and the upgrades are a huge improvement. However, since the move last Friday we are being flooded with calls to our helpdesk because a user goes to our normal login screen, enters their username and password, successfully login (which I store their last successful login in the account in a database so I know it's passing all login scripts), but when redirected to the "successful login" message screen, it is not holding the session variables from the login page and prompts them to login again. It's a basic form with username and password, a simple query to check for an account with those credentials and then if found sets a session.usauthenticated and then moves them to the next page. This has been working on the old server with no issues. I don't believe it's a coding issue, because on everyone who has called in, if we clear their cache and cookies from the browser and then attempt to login again, it works fine and maintains their session. This has worked on everyone so far. So I'm thinking it has something to do with our users storing cookies from the old server and the new server is trying to access them unsuccessfully.
  Is there a way around this? It seems rather odd to me that there isn't an easy way to migrate a website to a new server and treat it as a new website to the user instead of something cached. How can we make our website work for past users without having to have each and every person clear their cache and cookies (we're talking over 300,000 users here so this could get intense). Most users won't know to do this so they are all calling our help desk which is being overrun with these calls right now.

  never fails, after you post a question, you find the answer.   For anyone else who runs into this, we had to purge all cookie and session data from our users prior to them hitting the login screen. After doing the following code, they were able to successfully login on our new server without having to manually clear their cache and cookies from their browsers.
      <cflock scope="Session" timeout="10" type="exclusive">
        <cfset structclear(session)>
      </cflock>
      <cfloop item="name" collection="#cookie#">
      <cfcookie name="#name#" value="" expires="now" />
      </cfloop>