Again Session-Handling

Similar Messages

• Advice for Session Handling

  I'm in the process of constructing a second application, and have once again faced the same problem I've faced in the past.
  Session Handling. One thing That I'm very concerned about is people using the Browser Back Button. Unfortunately when people use the back button the page they see is not coming from the server, but from their browser's cache. This means that the session info that they see is not up to date. In both my applications this would lead to some seriou problems.
  Any suggestions as to how I can either remove the Browser's Back button, or have the servlet refresh when the back button is pushed. Any other suggestions wouls also be greatly appreciated.
  Thanks,
  -Amos

  Hi
  It would be very helpful if you can present a scenario in your application where the back button usage would cause seroius problems.
  Technically speaking you cannot remove the back button. But what you can do is through Java Script open browser windows where the back and front button's tool bar is not visible, but note that the user's can still use the keyboard to move back and forth.
  As far as session handling is concerned you would have to take all the worst case scenarios while designing your web application like the browser crashing, user's closing their browser windows without explicit logout, a database transaction not going through etc.
  Present a scenario of your application so that the session handling mechanism may be discussed.
  Good Luck!
  Eshwar Rao
  Developer Technical Support
  Sun microsystems inc
  http://www.sun.com/developers/support

• Trouble with session handle???

  Hi everybody, its me again... i solve part of my problem but now i have another problem thats bothers me....my scenario is the follow: i have an app running in a portal, then i have a link in the portal who bring me a pop up of the active page of that app, that is shown on the portal in that moment. when i call the pop up, some class attributes change its values for do something, when i close the pop up, those class attribute refresh and take its initial values (values necessary to run correctly in the portal) BUT, when i minimize the window (no close it) and start to manipulate the app in the portal (the app is statefull), the values stay the same as if i was operating the app in the pop up and obvious do something that it should'nt do. My question is: there is some way...may be with session handler like sap-sessioncmd (i test it but it doesnt work), that help me to manage diferent session for the pop up and the app running in the portal...or may be some parameter (that is pass it via url) that help me to create another object of the class when i calls the pop up

  thanks for the help. I thought Id tell you more about what I
  am doing and see if you have comments - we use google to market our
  company so clicks are costing us big bucks. currently, our sites
  rely on session management to operate, so I realize that folks
  having cookies off is really hurting us. All the references I can
  find tote passing the session.URLToken around the site to make it
  cookie independent. I havent done this yet, first im trying to get
  a handle on how many people have cookies off (like you are), and
  where people are coming from to see if we are having click fraud
  (which we are very suspicious of).
  Is this what you would do (passing the URLToken around)? Any
  other comments you have would be very much appreciated.

• Problem on "Session Handling"

  Hi everyone,I write a simple servlet program on Session handling.In this I use invalidate() method to invalidate the session.
  invalidate() But the problem is that when i push the back button the session data gets back,means in the previous page session data gets visible.please help me.

  All what you can do is to instruct the client not to cache the page. You can do this by adding the following entries to the HTML head:
  <meta http-equiv="cache-control" content="max-age=0, must-revalidate, no-cache, no-store, private">
  <meta http-equiv="pragma" content="no-cache">
  <meta http-equiv="expires" content="-1">If you want to do this programmatically on HttpServletResponse (using a Filter or so):
  response.setHeader("cache-control", "max-age=0, must-revalidate, no-cache, no-store, private"); // HTTP 1.1
  response.setHeader("pragma", "no-cache"); // HTTP 1.0
  response.setDateHeader("expires", -1); // ProxyMake sure that you clears your browser cache before testing.

• Configure no. of session handled for same sql

  hi, experts,
  hi, if there is one report (only fire 1 sql by this report).
  if only one internet explorer to run this report , it use 3 minutes to get it.
  I use 3 internet explorers to run the same report but not running the report at the same time.
  firstly, I run the report on first internet explorer.
  then after 10 seconds, I run the report on 2nd internet explorer.
  then after 10 seconds, I run the report on 3rd internet explorer.
  after result on all internet explorer came, I check the sessions on the "Manage Sessions"
  there are 2 sessions for same report.
  How to configure no. of session handled for same sql on OBIEE?
  thank you very much!

  shipon_97 wrote:
  Here I see that at a particular time of the database , the number of session from v$session is "271" where as the number of session in the "v$resource_limit" is "280" . Here I get some differ among these parameters .
  Would anybody plz tell why the no of sessions differ between v$session and v$resource_limit parameters .
  The v$session views shows current sessions (which change rapidly), while the v$resource_limit shows the maximum resource utilization, like a high-water mark.
  http://download-east.oracle.com/docs/cd/A97630_01/server.920/a96536/ch3155.htm

• Error - session handle nor valid for ivi

  Hi All
  I have posted this question in existing thread also I guess.
   I am trying to control TDK lambda power supply through LabVIEW using IVI drivers.
  logical name set in a MAX is same as what I am giving in VI to InitializeWithOptions.vi . However I am ending up with this error "IviDCPwr Initialize With Options.vi<ERR>
  Primary Error: (Hex 0xBFFA1190) The session handle is not valid."
  Not sure why this error is coming.
   Can anyone help me with this error?

  You might be using an IVI-COM driver and trying to use IVI-C Class driver VIs without having installed the IVI-COM adapters.
  As mentioned in the knowledge base below The IVI-COM adapters are included with IVI Compliance Package 3.2 and later, but must be enabled in the installer's feature tree.
  IVI-C Class Driver Support for IVI-COM Specific Drivers
  http://digital.ni.com/public.nsf/allkb/5499F9DBD07522F686256F260066BA86?OpenDocument
  duplicate post
  http://forums.ni.com/t5/Instrument-Control-GPIB-Serial/TDK-Lambda-Power-Supply-error/m-p/3118149#M68...

• Implementation of session handling for using web services

  Hi,
  I would like to use session handling in web services using ABAP stack in order to start the session with an user login function followed by other RFC calls till a user logout. So far, I found only the following help note in the SAP online help:
  Interface Profile
  In the interface profile, choose the required processing type: Stateful or Stateless.
  A stateful service retains its status within the framework of a HTTP session throughout several calls form the same service consumer. The standard value for services is Stateless.If you require stateful communication, you can choose this instead.
  [http://help.sap.com/saphelp_nwpi71/helpdata/de/45/25291b5a2657c0e10000000a1553f7/content.htm |http://help.sap.com/saphelp_nwpi71/helpdata/en/45/25291b5a2657c0e10000000a1553f7/content.htm]
  Please, could someone explain me the further required steps of SAPs session handling idea cause just settting the status to stateful is still not the solution itself...
  Regards,
  Jens

  Now, I found the possible scenarios, suggest by SAP Help, regarding security for Web Services ([http://help.sap.com/saphelp_nw73/helpdata/en/48/8ebbba66be06b2e10000000a42189b/content.htm|http://help.sap.com/saphelp_nw73/helpdata/en/48/8ebbba66be06b2e10000000a42189b/content.htm]):
  - SAML & WS SecureConversation -> SSO
  - WS Security UsernameToken & WS SecureConversation
  - User ID and Password in HTTP Header & HTTPS
  - SAP Authentication Assertion Ticket & HTTPS -> SSO
  - X.509 SSL Client Certificate through HTTPS
  - WS Security: X.509 Certificate Authentication at Message Level
  Are scenarios with SSO the solution for creating sessions!?

• What are default Zend Session handling best practices to prevent Cross Site Request Forgery?

  I have enjoyed the David Powers book Adobe Dreamweaver CS5 with PHP:  Training from the Source - and have put many of the examples into practice.  I have a security related concern that may be tied to the Zend::Auth example in the book.  While this is installed an working on my site:
  <?php
  $failed = FALSE;
  if ($_POST) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
      $failed = TRUE;
    } else {
      require_once('library.php');
      // check the user's credentials
      try {
        $auth = Zend_Auth::getInstance();
        $adapter = new Zend_Auth_Adapter_DbTable($dbRead, 'user', 'login', 'user_pass', 'sha1(?)');
        $adapter->setIdentity($_POST['username']);
        $adapter->setCredential($_POST['password']);
        $result = $auth->authenticate($adapter);
        if ($result->isValid()) {
          $storage = $auth->getStorage();
          $storage->write($adapter->getResultRowObject(array(
            'ID', 'login',  'user_first', 'user_last', 'user_role')));
          header('Location: /member/index.php');
          exit;
        } else {
          $failed = TRUE;
      } catch (Exception $e) {
        echo $e->getMessage();
  if (isset($_GET['logout'])) {
    require_once('library.php');
    try {
      $auth = Zend_Auth::getInstance();
      $auth->clearIdentity();
    } catch (Exception $e) {
      echo $e->getMessage();
  Apparently, there is  very limited protection against Cross Site Request Forgery, where the resulting SessionID could be easily hijacked?  I am using the Zend Community edition (I have 1.11.11).     I have an observation from a client that this authentication is not up to snuff. 
  To boil it down: 
  1.  Is there a Zend configuration file that might have some settings to upgrade the Session and or authentication security basics? I'm wondering specifically about the settings in /library/Zend/session.php? Ie secure the session against a changing user IP, and invoking some other session handling stuff (time-out etc). 
  2.  If I understand it correctly, "salting" won't help with this, unless it's added/checked via a hidden POST at login time? 
  Ideally, the man himself, David Powers would jump in here - but I'll take any help I can get!
  Thanks!

  Might ask them over here.
  http://forums.asp.net/1146.aspx/1?MVC
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• ERP2004: ESS JCO session handling in Web Dynpro apps?

  Hello,
  we run ESS/MSS Web Dynpro scenarios, running on WAS 6.40, SP12 in
  Enterprise Portal EP6 SP2 Patch 32. Our go live will be with > 1000 ESS users.
  1. When will the sessions in R/3 backend system be terminated by the
  Web Dynpro Application?
  How is the session handling in FPM (Floor Plan Manager) implemented?
  2. Are there any recommendations regarding the JCO connection settings
  in Web Dynpro Content Administrator (Maximum Pool Size, Maximum Connections,
  Connection Timeout, Maximum Wait Time) to reduce / optimize the load for the
  backend system? I found a documentation in SDN but it is not
  specific for ESS / MSS based on Web Dynpro.
  Background of questions above: The customer is worry about the load on
  SAP R/3 backend side: too much current users in the R/3 backend system,
  possibly bad performance etc. because the JCO sessions are open a long time.
  Are there any experiences with customers running productive ESS / MSS scenarios
  based on Web Dynpro?
  Thanks & Best regards,
  Daniel

  Hi,
  1. For best practices on JCO settings follow the tutorial below and do it accordingly for your no of users. YOu might have to do some trial and error procedure.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/3103eb90-0201-0010-71af-be6f4a6f61d1
  2. For standards, security settings, cache management etc, SAP will give a TODO list after a remote audit of your project.
  regds,
  Sukanta Rudra

• Session Handling in ATG

  Friend,
  Could you please provide any best document about session handling in ATG.
  Thanks in advance

  You can refer these:
  http://docs.oracle.com/cd/E35318_02/Platform.10-1-1/ATGInstallGuide/html/s0710sessionmanagementinoracleatgwebc01.html
  http://docs.oracle.com/cd/E35318_02/Platform.10-1-1/ATGInstallGuide/html/s0814enablingcomponentbackup01.html
  https://docs.google.com/file/d/0B8rpgofYlaJnYTBiNGNmNjMtODU0MS00NDNmLThmOWItNGQzN2UwODBjODRi/edit?pli=1

• Session handling in Flex

  I am using remote object for the flex and service communication. After multiple time log in and log out , which is done by remote object call also, I am getting different session id for browser and from the client side. Is there any way to restrict this session id conflict

  I think you are getting confused by comparing flex
  development with jsp serverside development, its completely
  different thing,
  1. How to pass hidden variables using flex.(In jsp we pass it
  throuth hidden field, is there any mechanism similar to that one)
  -- honestly, where do you really want to pass hidden field to
  ? (hidden fields is a hack implemented to overcome the way http
  protocol works , in flex you don't need that hack) .
  2) you can implement exception routine same way (even easier
  in flex) if error occures show this and this page(for example error
  canvas. with error mesage thats it,
  3) How to do session handling in Flex.
  -- question is too vague, do you ave concrete problem that
  you think of?

• Regarding session handling in BSP

  hi all,
      we have integrated our BSP application to EP 5.o, we have used 'existbspapplication'(used buffered page) function in our default page to handle the sessions.
     and its working fine, but now we have to integrate it to the  EP 6.0 and we find the sessions are not terminated, and tend to remain after closing the application manually.
     my question is does portal handle sessions if yes, tried the same(by removing session handling code from default page) but could not get the desired result. is there any other way to handle sessions in EP 6.0
    thanks,
    raju
  Message was edited by: krishnam raju

  Hi,
  Did you set the checkbox for portal integration on in the properties of the BSP page?
  Check also
  http://help.sap.com/saphelp_nw2004s/helpdata/en/83/132197c3564643af326a5ebccb604f/frameset.htm
  Furthermore, check things like
  /people/eddy.declercq/blog/2005/11/15/enemy-of-the-state
  /people/eddy.declercq/blog/2006/03/20/wake-me-up-before-you-go-go
  Eddy

• Implementing session handling in servlet controller

  how to implementing session handling in servlet controller.
  instead of writing isNew() in every jsp page i wanted to write in my central controller ,where each request is passing through controller. can any body give me the solution

  i tried it it is failed because first time the request is coming to the controller.it checks for new since of it is a first request it is forwarded to the login page.how to avoid or skip the condition checking when the request is first time.

• -1074130544 The session handle is not valid.

  I am using LabView 2011 on Win7.
  I am trying to work my way through the "Verification Procedure" part of the "NI PXI-4071 Calibration Procedure".  Step 3 of the Verification Procedure states "Call the niDMM Reset VI." and displays Figure 1. The Device, NI PXI-4071, displays OK in NI-MAX (Figure 2) and works OK with the "NI DMM Soft Front Panel" program. When I run what I think is the correct code, the error -1074130544, "The session handle is not valid." is displayed. The BD and FP are shown in Figure 3.  
  Solved!
  Go to Solution.
  Attachments:
  Figure 1.jpg ‏26 KB
  Figure 2.jpg ‏91 KB
  Figure 3.jpg ‏42 KB

  Hi Ed,
  If you want to call niDMM Reset, you will need to provide an instrument handle rather than an instrument descriptor.  
  To start a session to your DMM and generate an instrument handle that you can use with other NI-DMM functions, you will first need to call niDMM Initialize or niDMM Initialize with Options.  You can wire the "Dev1" to the "Instrument Descriptor" pin and the function will return an instrument handle.  You can then wire the "instrument handle out" pin to the "instrument handle" pin on the niDMM Reset VI.  Whenever you initialize a session to an instrument, it is also good practice to close out the session by wiring the instrument handle to a niDMM Close function.  The snippet of code below shows what I've described:
  I also included a Simple Error Handler VI to report any errors that occur.
  Also, it looks as if you are calling niDMM Reset with Defaults instead of niDMM Reset.  If you haven't assigned any user-defined default values to your device's logical name then the two calls should be functionally equivalent.  
  If you make these changes you should no longer generate the error.
  Good luck!
  Regards,
  Jared R.
  Precision DC Product Support Engineer
  National Instruments

• 'MAPI Session Handle' of the NGW 'Object Request Broker' could not be accessed (0x80004005) on attempt to get an address book

  Hi!
  When I try to access GW address book by calling
  DIGWAccount6::GetSystemAddressBook, or DIGWAccount6::AddressBooks, or even
  DIGWMessage::Send, I'm getting messagebox with title "Address Book Error"
  and message: "The 'MAPI Session Handle' of the Novell GroupWise 'Object
  Request Broker' could not be accesses. The address book cannot run (error:
  status: 0x80004005)."
  I'm using .NET and I only get this error when I create a console
  application. With windows application everything goes fine.
  I've tried reinstalling GW client, running fixmapi utility, installing
  different versions of MAPI CDO, but still got this problem.
  Any ideas?

  In the Application object.
  >>> On Monday, July 26, 2010 at 4:16 PM,
  shutchinson<[email protected]> wrote:
  > Where would we set this?
  >
  > Thanks!
  >
  > Scott
  >
  > Preston Stephenson;1755943 Wrote:
  >> Do you need to use the MAPI address book providers?
  >> Can you use MultiLogin and set MultiLoginAddressBookSupport = TRUE?
  >>
  >> Preston
  >>
  >> >>> On Tuesday, November 11, 2008 at 4:22 AM, Vladimir
  >> Iofik<[email protected]>
  >> wrote:
  >> > Hi!
  >> > When I try to access GW address book by calling
  >> > DIGWAccount6::GetSystemAddressBook, or DIGWAccount6::AddressBooks, or
  >> even
  >>
  >> > DIGWMessage::Send, I'm getting messagebox with title "Address Book
  >> Error"
  >>
  >> > and message: "The 'MAPI Session Handle' of the Novell GroupWise
  >> 'Object
  >> > Request Broker' could not be accesses. The address book cannot run
  >> (error:
  >>
  >> > status: 0x80004005)."
  >> > I'm using .NET and I only get this error when I create a console
  >> > application. With windows application everything goes fine.
  >> > I've tried reinstalling GW client, running fixmapi utility,
  >> installing
  >> > different versions of MAPI CDO, but still got this problem.
  >> >
  >> > Any ideas?