ADF Faces : session timeout best practice

Similar Messages

• Kiosk Session Timeout Best Practice

  Dear All,
  I've noticed that user sessions are being timed out after about 3 hrs 20 minutes (presumably this is the default) so people coming in to work in the morning are having to start new sessions which really isn't practical with Citrix.
  The users need to be able to leave a session in the evening and then pick it up again the following morning.
  What are people using as a timeout value for Sun Ray sessions - 12 hours? 24 hours? What's the best thing to do? Will it cause problems if I have lots of sessions hanging around for that length of time?
  Many thanks.
  Chris

  Dear All,
  I've noticed that user sessions are being timed out after about 3 hrs 20 minutes (presumably this is the default) so people coming in to work in the morning are having to start new sessions which really isn't practical with Citrix.
  The users need to be able to leave a session in the evening and then pick it up again the following morning.
  What are people using as a timeout value for Sun Ray sessions - 12 hours? 24 hours? What's the best thing to do? Will it cause problems if I have lots of sessions hanging around for that length of time?
  Many thanks.
  Chris

• ADF BC/ Faces - Session Timeouts in dialogs

  Hi,
  I was wondering if anyone has worked out how to handle session timeouts in dialogs? I have an application which has a shopping cart style dialog which is sized at 800x630 and launched from a main page. When the users session times-out they get the login screen within the dialog. How can I get the dialog to return to the main page and get the user to login there?
  Brenden

  Use the ADF Dialog in conjuncion with the af:poll component. The closing of the dialog is handled by a listener called a returnListner. See the blog entries below for complete details on how to use the dialog framework and its associated listeners.
  http://groundside.com/blog/DuncanMills.php?title=modal_dialogs_in_jsf_with_adf_faces&more=1&c=1&tb=1&pb=1
  http://thepeninsulasedge.com/blog/2006/08/31/adf-faces-working-with-aftableselectone-and-the-dialog-framework/

• Cisco ISE and WLC Timeout Best Practices

  I am fairly new to ISE. Our Cisco WLC is using 802.1x and ISE is configured for PEAP with all inner methods enabled.
  I am looking for some guidance around where I should be configuring timeouts. There is a PEAP Session timeout in ISE, a session timeout on the WLC and a RADIUS reauthentication timeout that can be set in the Authorization profile results object in ISE.
  Currently I have the WLC configured for its default 1800 second timeout and ISE PEAP timeout at the default 7,200 value.

  I ended up answering my own question. The authorization session timeouts should be set in ISE if at all.
  Once I removed the session timeout value from the WLC and used the re-auth value in the ISE policy I had less complaints about disconnects.
  The session timeout on the PEAP settings has not caused any ill affects at it's default. The session resume has taken a huge load off of AAA though. Its worth turning on.

• Request/session objects - Best Practice

  I have a simple scenario which I think other people will recognise, and am wondering what the best pattern to use in JSF is:
  I have a summary page which displays orders for the current user in a dataTable. This has a backing bean called orders.
  When the user clicks on an order, it calls an action on the orders object which fetches the specific order from the database and navigates to a second page to display details about the order.
  I don't mind the orders object being a session bean, but I don't really want the order bean to be session, it needs to be a request bean.
  How do I place the order bean somewhere so that it is a request bean on the second page?
  In ASP.NET I could place it in the ViewState before transferring control to the second page, or temporarily put it on the session, then pull it off the session when the second page loads the first time.
  The problem with putting the order object in the session is that it never goes away, and might be confused if the user has multiple browser windows open trying to look at 2 orders at the same time.

  Here's the way I do this kind of thing.
  In this case, I'd have a session bean called orders. It's got an orders property that will return all the orders for display in a dataTable. It's got a reference to a session-scoped bean that contains the id of the currently selected order. When the user selects an order (typically by clicking a commandLink) the id of the selected order is set in a session scoped bean called orderDetailsOptions and the user is navigated to the order details page. I'd have a Refresh button on the page that causes the orders to be reloaded.
  public class OrdersBean {
    private OrderDetailsOptionsBean orderDetailsOptions;
    private DataModel orders;
    private void reset() {
      orders = null;
    public OrdersBean() {
      reset();
    public void setOrderDetailsOptions( OrderDetailsOptionsBean orderDetailsOptions ) {
      this.orderDetailsOptions = orderDetailsOptions;
    public DataModel getOrders() {
      if ( orders == null ) {
        ResultSet rs = doQuery();
        orders = new ResultDataModel( ResultSupport.toResult( rs ) );
      return orders;
    /* Actions */
    public String orderSelected() {
      Map row_data = (Map) orders.getRowData();
      String order_id = orders.get( "orderId" );
      orderDetailsOptions.setOrderId( order_id );
      reset();
      return "toOrderDetails";
    public String refresh() {
      reset();
      return "success";
  }The OrderDetailsOptionsBean for the session holds the id of the currently selected order.
  public class OrderDetailsOptionsBean {
    private String order_id;
    public void setOrderId( String order_id ) {
      this.order_id = order_id;
    public String getOrderId() {
      return order_id;
  }The OrderDetailsBean is a request bean to get the details for the selected order.
  public class OrderDetailsBean {
    private OrderDetailsOptionsBean options;
    private String order_id = null;
    private Map fields = null;
    public void setOptions( OrderDetailsOptionsBean options ) {
      this.options = options;
    public String getOrderId() {
      if ( order_id == null ) {
        order_id = options.getOrderId();
    public Map getFields() {
      if ( fields == null ) {
        getOrderId();
        // Do the query.
      return fields;
  }Then here's what's in faces-config for this:
  <managed-bean>
    <managed-bean-name>orders</managed-bean-name>
    <managed-bean-class>OrderBean</managed-bean-name>
    <managed-bean-scope>session</managed-bean-scope>
    <managed-property>
      <property-name>orderDetailsOptions</property-name>
      <property-class>OrderDetailsOptionsBean</property-class>
      <value>#{orderDetailsOptions}</value>
    </managed-property>
  </managed-bean>
  <managed-bean>
    <managed-bean-name>orderDetailsOptions</managed-bean-name>
    <managed-bean-class>OrderDetailsOptionsBean</managed-bean-name>
    <managed-bean-scope>session</managed-bean-scope>
  </managed-bean>
  <managed-bean>
    <managed-bean-name>orderDetails</managed-bean-name>
    <managed-bean-class>OrderDetailsBean</managed-bean-name>
    <managed-bean-scope>request</managed-bean-scope>
    <managed-property>
      <property-name>options</property-name>
      <property-class>OrderDetailsOptionsBean</property-class>
      <value>#{orderDetailsOptions}</value>
    </managed-property>
  </managed-bean>
  <navigation-rule>
    <from-view-id>orders.jsp</from-view-id>
    <navigation-case>
      <from-outcome>toOrderDetails</from-outcome>
      <to-view-id>orderDetails.jsp</to-view-id>
      <redirect />
    </navigation-case>
  </navigation-rule>

• Session question; best practice

  Hi,
  One of our high profile application's queries/updates are served to user sessions. But we wanted to improve user query performance and reduce general database activity.
  This piece of application cause an auto refresh to execute every 60 seconds. These queries execute against order tables looking for statuses on active orders, are user specific, and in some cases are not optimally tuned producing very high database buffer get and disk read activity. On average, 1,500 executions representing various flavors of these queries are executed hourly.
  my questions are:
  1) how can we get max performance ?
  2) can we cache these queries for like every 30 secs ?
  3) how can we cache ? so that user sessions would access the cache.
  -sharma

  well, you could load the data and put it in the application scope (in memory) with a timeout time so that it's not used after however long, in which case, a request would have to go to get the newer data from the DB.

• What are default Zend Session handling best practices to prevent Cross Site Request Forgery?

  I have enjoyed the David Powers book Adobe Dreamweaver CS5 with PHP:  Training from the Source - and have put many of the examples into practice.  I have a security related concern that may be tied to the Zend::Auth example in the book.  While this is installed an working on my site:
  <?php
  $failed = FALSE;
  if ($_POST) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
      $failed = TRUE;
    } else {
      require_once('library.php');
      // check the user's credentials
      try {
        $auth = Zend_Auth::getInstance();
        $adapter = new Zend_Auth_Adapter_DbTable($dbRead, 'user', 'login', 'user_pass', 'sha1(?)');
        $adapter->setIdentity($_POST['username']);
        $adapter->setCredential($_POST['password']);
        $result = $auth->authenticate($adapter);
        if ($result->isValid()) {
          $storage = $auth->getStorage();
          $storage->write($adapter->getResultRowObject(array(
            'ID', 'login',  'user_first', 'user_last', 'user_role')));
          header('Location: /member/index.php');
          exit;
        } else {
          $failed = TRUE;
      } catch (Exception $e) {
        echo $e->getMessage();
  if (isset($_GET['logout'])) {
    require_once('library.php');
    try {
      $auth = Zend_Auth::getInstance();
      $auth->clearIdentity();
    } catch (Exception $e) {
      echo $e->getMessage();
  Apparently, there is  very limited protection against Cross Site Request Forgery, where the resulting SessionID could be easily hijacked?  I am using the Zend Community edition (I have 1.11.11).     I have an observation from a client that this authentication is not up to snuff. 
  To boil it down: 
  1.  Is there a Zend configuration file that might have some settings to upgrade the Session and or authentication security basics? I'm wondering specifically about the settings in /library/Zend/session.php? Ie secure the session against a changing user IP, and invoking some other session handling stuff (time-out etc). 
  2.  If I understand it correctly, "salting" won't help with this, unless it's added/checked via a hidden POST at login time? 
  Ideally, the man himself, David Powers would jump in here - but I'll take any help I can get!
  Thanks!

  Might ask them over here.
  http://forums.asp.net/1146.aspx/1?MVC
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Session Data - best practice

  Hi,
            We are designing a Servlet/JSP based application that has a web-tier
            separate from the middle tier.
            One of our apps have a lot of user inputs, average 500k and upto 2MB of data
            in the request.
            We do not have a way of breaking this application up (i.e the whole 2MB form
            data must be posted at ome time).
            We have 2 solutions and want to know what is the better one and wahy ...
            1. Use session and store all the information in the session.
            2. use Javascript to assemble all the data and submit it at one time.
            I prefer #2 because I don't want to use sessions and also becuase I don't
            want to use a database on the web-tier....
            Please help me explain to my cpollegues who are convinced that we have to
            use sessions to store this data..
            -JJ
            

  I'm not overly familar with Weblogic clustering, but I assume it is similar in concept to OC4J clustering. The thing that you need to be aware of is that any object stored in HttpSession needs to be completely serializable. The LibrarySession that you create/obtain for a user cannot be serialized. Thus you need to come up with a technique that allows a user to obtain the same librarysession instance from whatever store it may be across multiple requests.
  CM SDK, Files, Content Services typically achieve high availability through use of multiple midtiers with Big IP in front. Our out-of-box applications do not make use of OC4J clustering.
  thanks,
  matt.

• Handle Session Timeout

  I am using JDeveloper 11.1.1.6.
  I am trying to gracefully handle session time outs in ADF. My application has been experiencing the 'canned' ADF session timeout popup when I am logged into my application and the session has timed out. That same popup is rendered even if I am sitting at my login page but haven't signed in.
  I have followed Frank Nimphius's guidance as explained in the following forum to have my application re-direct to the login page after session timeout. That works great thanks to his well detailed document.
  ADF Faces : session timeout best practice
  The concern I have now is if I am sitting at my login page and my session times out, the application stays at the login page. I now type my credentials and click log in. Because the application thinks my session is timed out, I am taken back to the login page. Ideally I wouldn't think the login page would hold a session. Do you have any guidance on how I can get around this.

  Hi,
  what about using programmatic login, in which case the login form is part of a public page (see http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html for an example you can download)
  Frank

• Jdev101304 SU5 - ADF Faces - Web app deployment best practice|configuration

  Hi Everybody:
  1.- We have several web applications that provides a service/product used for public administration purposes.
  2.- the apps are using adf faces adf bc.
  2.- All of the apps are participating on javaSSO.
  3.- The web apps are deployed in ondemand servers.
  4.- We have notice, that with the increase of users on this dates, the sessions created by the middle tier in the database, are staying inactive but never destroyed or removed.
  5.- Even when we only sing into the apps using javasso an perform no transacctions (like inserting or deleting something), we query the v$sesisons in the database, and the number of inactive sessions is always increasing, until the server colapse.
  So, we want to know, if this is an issue of the configurations made on the Application Module's properties. And we want to know if there are some "best practices" that you could provide us to configure a web application and avoid this behavior.
  The only configurations that we found recomended for web apps is set the jbo.locking.mode to optimistic, but this doesn't correct the "increasing inactive sessions" problem.
  Please help us to get some documentation or another resource to correct configure our apps.
  Thnks in advance.
  Edited by: alopez on Jan 8, 2009 12:27 PM

  hi alopez
  Maybe this can help, "Understanding Application Module Pooling Concepts and Configuration Parameters"
  see http://www.oracle.com/technology/products/jdev/tips/muench/ampooling/index.html
  success
  Jan Vervecken

• ADF Faces JDev 10g Dialog framework and session timeouts

  Hi,
  using ADF Faces & BC 10.1.3.4 for a web application with a main page that opens a dialog where the uses fill out stuff and click next until complete. Occasionally they will leave the application open and the session times out and when they go to use it they get the login page inside the dialog. They login but as expected the whole state of their session is lost resulting in no or the wrong record being displayed. Additionally of they go back to the parent window the row keys are all stuffed, they get the first record in the dialog even though the record from the previous session was still shown on the screen.
  Any web developer would know to close the dialog and login properly, but this for end users of any experience level.
  Is there anyway to prevent the login screen appearing in the dialog or at least direct them to properly re-establishing the session?
  Brenden

  Hi,
  the question is how you identify that the page is loaded in a dialog window. Because if you know this then the redirect would be to a html page that has an onLoad event defined that calls window.close();. Next problem then however is that the calling parent page too is timed out.
  Frank

• Best Practice for Handling Timeout

  Hi all,
  What is the best practice for handling timeout in a web container?
  By the way, we have been using weblogic 10.3
  thanks

  Are you asking about this specific to web services, or just the JEE container in general for a web application?
  If a web application, Frank Nimphius recently blogged a JEE filter example that you could use too:
  http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
  Ignore the tailor fitted ADF options, this should work for any app.
  CM.

• Sessions and Controllers best-practice in JSF2

  Hi,
  I've not done web development work since last using Apache Struts for its MVC framework ( about 6 years ago now ). So bear with me if my questions does not make sense:
  SESSIONS
  1) Reading through the JSF2 spec PDF, it mentions about state-saving via the StateManager. I presume this is also the same StateManager that it used to store managed-beans that are in @SessionScoped ?
  2) In relation to session-scoped managed beans, when does a JSF implementation starts a new session ? That is, when does the implementation such as Mojarra call ExternalContext.getSession( true ) .. and when does it simply uses an existing session ( calling ExternalContext.getSession( false ) ) ?
  3) In relation to session-scoped managed beans, when does a JSF implementation invalidate a session ? That is, when does the implementation call ExternalContext.invalidateSession() ?
  4) Does ExternalContext.getSession( true ) or ExternalContext.invalidateSession() even make sense if the state-saving mechanism is client ? ( javax.faces.STATE_SAVING_METHOD = client ) Will the JSF implementation ever call these methods if the state-saving mechanism is client ?
  CONTROLLERS
  Most of the JSF2 tutorials that I have been reading on-line uses the same backing-bean when perfoming an action on the form ( when doing a POST or a GET or a post-back to the same page ).
  Is this best practice ? It looks like mixing what should have been a simple POJO with additional logic that should really be in a separate class.
  What have others done ?

  gimbal2 wrote:
  jmsjr wrote:
  EJP wrote:
  It's better because it ensures the bean gets instantiated, stuck in the session, which gets instantiated itself, the bean gets initialised, resource-injected, etc etc etc. Your way goes goes behind the scenes and hopes for the best, and raises complicated questions that don't really need answers.Thanks.
  1) But if I only want to check that the bean is in the session ... and I do NOT want to create an instance of the bean itself if it does not exist, then I presume I should still use ExternalApplication.getSessionMap.get(<beanName>).I can't think of a single reason why you would ever need to do that. Checking if a property of a bean in the session is populated however is far more reasonable to me.In my case, there is an external application ( e.g. a workflow system from a vendor ) that will open a page in the JSF webapp.
  The user is already authenticated in the workflow system, and the external system from the vendor sends along the username and password and some parameters that define what the request is about ( e.g. whether to start a new case, or open an existing case ). There will be no login page in the JSF webapp as the authentication was already done externally by the workflow system.
  Basically, I was think of implementing a PhaseListener that would:
  1) Parse the request from the external system, and store the relevant username / password and other information into a bean which I store into the session.
  2) If the request parameter does not exist, then I go look for a bean in the session to see if the actual request came from within the JSF webapp itself ( e.g. if it was not triggered from the external workflow system ).
  3) If this bean does not exist at all ( e.g. It was triggered by something else other than the external workflow system that I was expecting ) then I would prefer that it would avoid all the JSF lifecycle for the current request and immediately do a redirect to a different page ( be it a static HTML, or another JSF page ).
  4) If the bean exist, then proceed with the normal JSF lifecycle.
  I could also, between [1] and [2], do a quick check to verify that the username and password is indeed valid on the external system ( they have a Java API to do that ), and if the credentials are not valid, I would also avoid all the JSF lifecycle for the current request and redirect to a different page.

• Best practice for mouseless ADF applications

  I am developing an ADF application where the users do not want to use the mouse.
  So I would like to know if there are a best practice for this?
  I am already using the accessKey functionality and subforms defaultCommand
  But I have had problems setting focus to objects on a page like tables. I would like a button to return the focus to the table after it has made the command like delete.
  I have implemented a solution where I have found inspiration several threads and other webpages (see below).
  Is this solution okay?
  Are there any problems with it?
  I would also like to know if there are better pathways to go like
  out of the box solutions,
  http://www.oracle.com/technetwork/developer-tools/adf/learnmore/79-global-template-button-strategy-360139.pdf (are there an example implementation?), or
  http://one-size-doesnt-fit-all.blogspot.dk/2010/11/adf-ui-shell-supporting-global-hotkeys.html
  in advance thanks
  Inspiration webpages
  https://blogs.oracle.com/jdevotnharvest/entry/how_to_programmatically_set_focus
  http://technology.amis.nl/2008/01/04/adf-11g-rich-faces-focus-on-field-after-button-press-or-ppr-including-javascript-in-ppr-response-and-clientlisteners-client-side-programming-in-adf-faces-rich-client-components-part-2/
  how to Commit table by writting Java code in Managed Bean?
  Table does not refresh and getting error as UIComponent is Null
  A short description of the solution:
  (jdeveloper version 11.1.1.2.0)
  --- Example where I use onSetFocus in jsff page
  <af:commandButton text="#{hrsusuiBundle.FOCUS}" id="cb10"
  partialSubmit="true" accessKey="f"
  shortDesc="Alt+Shift+F"
  actionListener="#{managedBean_clientUtils.onSetFocus}">
  <af:clientAttribute name="focusField" value="t1"/>
  </af:commandButton>
  --- Examples where I use doTableActionAndSetFocus in jsff page
  --- There have to be a binding in the jsff page to delete, commit and rollback
  <af:commandButton text="#{hrsusuiBundle.DELETE}" id="cb4"
  accessKey="x"
  shortDesc="Alt+Shift+X"
  partialSubmit="true"
  actionListener="#{managedBean_clientUtils.doTableActionAndSetFocus}">
  <af:clientAttribute name="focusField" value="t1"/>
  <af:clientAttribute name="actionField" value="Delete"/>
  </af:commandButton>
  <af:commandButton text="#{hrsusuiBundle.COMMIT}" id="cb5"
  accessKey="s" shortDesc="Alt+Shift+S"
  partialSubmit="true"
  actionListener="#{managedBean_clientUtils.doTableActionAndSetFocus}">
  <af:clientAttribute name="focusField" value="t1"/>
  <af:clientAttribute name="actionField" value="Commit"/>
  </af:commandButton>
  <af:commandButton text="#{hrsusuiBundle.ROLLBACK}" id="cb6"
  accessKey="z" shortDesc="Alt+Shift+Z"
  partialSubmit="true"
  actionListener="#{managedBean_clientUtils.doTableActionAndSetFocus}"
  immediate="true">
  <af:resetActionListener/>
  <af:clientAttribute name="focusField" value="t1"/>
  <af:clientAttribute name="actionField" value="Rollback"/>
  </af:commandButton>
  --- This is the java class I use
  --- It is published in adfc-config.xml as a request scope managedbean
  public class ClientUtils {
  public ClientUtils() {
  public void doTableActionAndSetFocus(ActionEvent event) {
  RichCommandButton rcb = (RichCommandButton)event.getSource();
  String focusOn = (String)rcb.getAttributes().get("focusField");
  String actionToDo = (String)rcb.getAttributes().get("actionField");
  UIComponent component = null;
  String clientId = null;
  component = JSFUtils.findComponentInRoot(focusOn);
  clientId = component.getClientId(JSFUtils.getFacesContext());
  if ( "Delete".equals(actionToDo) || "Commit".equals(actionToDo) || "Rollback".equals(actionToDo) ){
  BindingContainer bindings = BindingContext.getCurrent().getCurrentBindingsEntry();
  OperationBinding operationBinding = bindings.getOperationBinding(actionToDo);
  Object result = operationBinding.execute();
  AdfFacesContext.getCurrentInstance().addPartialTarget(component);
  if (clientId != null) {           
  makeSetFocusJavaScript(clientId);
  public static String onSetFocus(ActionEvent event) {
  RichCommandButton rcb = (RichCommandButton)event.getSource();
  String focusOn = (String)rcb.getAttributes().get("focusField");
  String clientId = null;
  if (focusOn.contains(":")) {
  clientId = focusOn;
  } else {
  clientId = findComponentsClientIdInRoot(focusOn);
  if (clientId != null) {           
  makeSetFocusJavaScript(clientId);
  return null;
  private static void writeJavaScriptToClient(String script) {
  FacesContext fctx = FacesContext.getCurrentInstance();
  ExtendedRenderKitService erks = null;
  erks = Service.getRenderKitService(fctx, ExtendedRenderKitService.class);
  erks.addScript(fctx, script);
  public static void makeSetFocusJavaScript(String clientId) {
  if (clientId != null) {
  StringBuilder script = new StringBuilder();
  //use client id to ensure component is found if located in
  //naming container
  script.append("var textInput = ");
  script.append("AdfPage.PAGE.findComponentByAbsoluteId");
  script.append ("('"+clientId+"');");
  script.append("if(textInput != null){");
  script.append("textInput.focus();");
  script.append("}");
  writeJavaScriptToClient(script.toString());
  public static String findComponentsClientIdInRoot(String id) {
  UIComponent component = null;
  String clientId = null;
  component = JSFUtils.findComponentInRoot(id);
  clientId = component.getClientId(JSFUtils.getFacesContext());
  return clientId;
  }

  Hi,
  I am developing an ADF application where the users do not want to use the mouse. So I would like to know if there are a best practice for this?
  Well HTML (and this is the user interface you see) follows a tab index navigation that you follow with "tab" and "shift+tab". Anything else is a short cut for which you use mnemonics (as you already do) or shortcuts (explained in http://one-size-doesnt-fit-all.blogspot.dk/2010/11/adf-ui-shell-supporting-global-hotkeys.html). There is a distinction to make between non-web environments (which I think you and your users have abackground in) and client desktop environments. Browsers block some keyboard functionality for their own purpose. So you may have to find a list of keys first that work across browsers. Unlike desktop clients, which allow you to "press a button" without the button to take focus, this cannot be done on the web. So you need to be clever here, avoiding buttons at all.
  The following paper is about JavaScript in ADF and explains the basics for what Chris Muir explains in : http://one-size-doesnt-fit-all.blogspot.dk/2010/11/adf-ui-shell-supporting-global-hotkeys.html
  http://www.oracle.com/technetwork/developer-tools/jdev/1-2011-javascript-302460.pdf
  It has the outline for how to register short cut keys that perform a specific action (e.g. register ctrl+d to delete the current row you are on, or press F11 to execute a query (similar to Oracle Forms frmres files)). However, be aware that this includes some code you have to write (actually quite some code to be honest).
  http://www.oracle.com/technetwork/developer-tools/adf/learnmore/79-global-template-button-strategy-360139.pdf (are there an example implementation?), or
  http://one-size-doesnt-fit-all.blogspot.dk/2010/11/adf-ui-shell-supporting-global-hotkeys.html
  Actually these are implementations as they come with example code for you to use and customize, do they? So what is this question asking for more ? Also note that global buttons don't quite have anything in common with the question you asked. I assume you want to see it as an implementation of the Forms toolbar that operates on the form or table the focus is in. This however does not work for the web as there is nothing that keeps track of which component has a focus and to what iterator (data block) it belongs. This would involve even more coding (though possibly doable)
  Frank

• Best practice for keeping a mail session open in web application?

  Hello,
  We have a webmail like application where users login with their IMAP credentials, then are taken to an authenticated area of the site where they can manage different things about their email account.
  Right now the application is opening and closing a mail store connection (via a new javax.mail.Session) for each page load based on the current logged in user credentials. To me this seems like it would be a bad practice to keep opening and closing a connection each page load.
  Are there any best practices for this situation? It would be nice to be able to open the connection to the mail server on login, then keep that connection open until the person logs out, session expires, etc.
  I can probably put the javax.mail.Session into the HTTP session, but that seems like it would break any clustering functionality of tomcat. This would be fine if the machine the user is on didn't fail, but id assume if they failed over to another the mail session would be gone. Maybe keeping the mail session in the http session, checking for a connection, then first attempting to reconnect with the logged in credentials before giving up would be a possiblity?
  Any pointers would be appreciated

  If you keep the connection open across pages, you're going to need to deal with
  timeouts - from the http session and from the mail server.
  If you don't keep the connection open, you're going to need to "resynchronize"
  your view of the store/folder with each operation, in case the folder is modified
  by another session.
  The former is easier in the common cases, especially if you don't care how gracefully
  you handle failures. The latter is more difficult in the common cases, but handles
  failure better, and in particular handles clustering better. You'll need to measure it to
  see if it meets your performance and scalability requirements. You may need to mix
  the two approaches to get acceptable performance.