APEX Security: Multiple session cookies in one browser

Similar Messages

• Setup for Discoverer to have multiple sessions opening in different browser

  What is the setup for Discoverer or Windows 6 browser to have multiple discoverer sessions opening in different browser windows at the same time in Discoverer 10g Plus?
  We have implemented Discoverer 10g Plus just to be used as an extract tool. We have some workbooks retrieving 200,000 or more rows from an Oracle database. It is taking 30 to 45 minutes to download. Some users are able to open multiple sessions in different browsers to download more then one worksheet at the time, but we have other users who get an error message that they can only open one session at the time. What is the setup to allow users to open more than one Discoverer session?

  Additional research in Metalink found the following:
  Hdr: 7261918 10.2 USER_JAV 10.1.2.54.25 PRODID-964 PORTID-46
  Abstract: ALLOW ABILITY TO LAUNCH TWO DISCOPLUS SESSIONS FROM SAME BROWSER CONNECTION PAGE
  *** 07/17/08 07:31 am REQUEST TEXT ***
  Please refer to bug 6656139. Need to get Discoverer Plus certified to
  support launching two plus sessions from same browser connections page when
  using SUN JRE 1.5/1.6 or higher.
  As per bug 6656139 it appears to be JVM 1.5.x limitation, because same
  actions work fine when using SUN JRE 1.4.2_xx.
  *** 07/17/08 07:31 am BUSINESS NEED ***
  Impossible to run reports against two different databases simultaniously
  using same Discoverer instace, or just several reports at the same time,
  which would save much time instead of running reports one by one.
  *** 07/19/09 11:57 pm *** (CHG: Sta->97)
  *** 07/19/09 11:57 pm RESPONSE ***
  ALSO SEE THIS FROM SUPPORT
  Error 'Unable To Connect Discoverer Server: Null' When Opening A Second Plus Session From The Same Browser [ID 790187.1]
  Cause
  Bug 6656139, JVM 1.5 : RUNNING TWO PLUS SESSIONS ERRORS WITH UNABLE TO CONNECT: NULL
  The Java Console reports the following error:
  Error: java.lang.StackOverflowError
  java.lang.StackOverflowError
  at java.awt.DefaultFocusTraversalPolicy.accept(Unknown Source)
  at java.awt.ContainerOrderFocusTraversalPolicy.getFirstComponent(Unknown Source)
  at java.awt.ContainerOrderFocusTraversalPolicy.getFirstComponent(Unknown Source)
  at javax.swing.DefaultFocusManager.getFirstComponent(Unknown Source)
  Per Bug 6656139 this problem is a limitation/bug with current Sun JRE 1.5
  and higher and needs to be addressed by Sun.
  Solution
  Currently launching two Discoverer Plus sessions from the same browser connection page is not supported/certified.
  Enhancement Request :
  Bug 7261918, ALLOW ABILITY TO LAUNCH TWO DISCOPLUS SESSIONS FROM SAME BROWSER CONNECTION PAGE
  has been logged for this issue but is still waiting on a Sun Java fix.
  Use the following workaround:
  Use JRE 1.4.2_xx until the ER is implemented and the SUN JRE bug is fixed.

• APEX accessing ASP Session Cookie...?

  Hi,
  I'm trying to build an application to fit in with a pre-existing website.
  This site authenticates users, setting appropriate session variables in a cookie. Then each asp page carries a script to check these session variables, denying access if they aren't correct.
  I want my APEX application to fit in with this. Having read some of the documentation and browsed this forum, I'm thinking an open authentication application with an authorisation scheme based on these session variables.
  My main problem is, how (if at all) I can get APEX to pick up on these session variables? I don't really want to start getting them out and sticking them in the URL used to call the application, because that would be a bit too easy to spoof.
  Does anyone know a way of getting APEX to check a cookie and act on that? Or at least drag cookie variables over into its own session variables?
  Cheers for any help.
  Scott
  P.S. It may show, I'm new to quite a lot of this!

  Hello Scott,
  >> Does anyone know a way of getting APEX to check a cookie and act on that?
  APEX itself using cookies, utilizing a package called OWA_COOKIE. You can see an example on the login page (by default page 101) of your application.
  You should check if the OWA_COOKIE package could help you with what you need.
  Regards,
  Arie.

• Session Cookies Being Overwritten Browsing From SSL to Non SSL

  I have created a bug report for this issue as well.
  Please note I am using J2EE session variables so keep that in mind.
  I am seeing session cookies being overwritten when browsing from an SSL connection to a non SSL connection.
  For example:
  Visiting https://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Encrypted connections only".
  Visiting http://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Any type of connection".
  Here's the problem:
  Say for example, you're logging into an admin module located at https://www.domain.com/admin/. Once authenticated and some session variables are set, you browse to http://www.domain.com/. When that happens your session cookie (JSESSIONID) is overwritten with a new value and you instantly lose your authentication in the admin module.
  Obviously this is causing massive problems for my clients that bounce back and forth from SSL to non SSL connections which is common for e-commerce websites.
  Steps to Reproduce:
  1. Clear your cookies.
  2. Visit a web page such as https://www.domain.com/. Note the JSESSIONID cookie value.
  3. Visit a web page such as http://www.domain.com/. Note the JSESSIONID cookie value and how it was overwritten.
  This behavior changed in ColdFusion 10. ColdFusion 9 did not overwrite the session cookie.
  Has anyone else experience this?

  Deleting and re-adding my account seems to have fixed it.  I think when I initially added my Google Talk account, it was by using the "Add Jabber Account" under 10.6 or something.  Now, when I re-added my account, I notice both "Google Talk" and "Jabber" are options, so my thought here is that Jabber and Google Talk options are no longer quite the same thing.

• How to configure Apache Plug-in CookieName for multiple session cookies?

  I'm deploying an ear file with 2 web applications (.war files) in it and each .war
  has its own CookieName defined in the weblogic.xml file. I need to set up the
  Apache plugin for Weblogic to look at both of them and not just one. Can I simply
  add both CookieName lines into my httpd.conf or will this not work?
  Thanks,
  -wr

  We are facing exactly the same need.
  If you tested it and got answers, we will be happy to hear from you.
  Concerning alternatives, we thought of defining the CookiePath to the contextroot of each WebApp. In our case, the name (and so then the contextroot) of our WebApps is always changing (it includes the version number), so we would have to change the weblogic.xml at each build which we would like to avoid ...
  Apparently the CookiePath can also be set to a "basis" for "begings with" test. See http://groups.google.fr/groups?q=weblogic.xml session-param CookiePath&hl=fr&lr=&ie=UTF-8&oe=UTF-8&selm=3e84a75a%[email protected]&rnum=1 so it could be less harmfull but anyway we do not put too much confidence into this kind of behaviour for future WLS sp/versions :(
  Any help appreciated,
  Philippe.

• How to secure session cookie

  Iam using iPlanet 6.0SP6 in NT 4.0.
  I would like to make the session cookie JSESSIONID to be transfer only on secure connection.
  Then, I make the change to web-apps.xml as below
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
       "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
  <vs>
  <session-cookie is-secure="true"></session-cookie>
  </vs>
  After that, I restart the iplanet web server and load the page with I.E. again. I see that the cookie is still passed with non-secure mode.
  Is there any wrong with my web-apps.xml?

  Janice,
  Thanks for your help.
  When I use the below web-apps.xml, I can make the cookie in secure session.
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
       "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
  <vs>
  <web-app uri="/" dir="d:/java/docroot" enable="true">
  <session-manager class="com.iplanet.server.http.session.IWSSessionManager">
  <init-param>
  <param-name>maxSessions</param-name>
  <param-value>16000</param-value>
  </init-param>
  <init-param>
  <param-name>timeOut</param-name>
  <param-value>7200</param-value>
  </init-param>
  <init-param>
  <param-name>reapInterval</param-name>
  <param-value>30</param-value>
  </init-param>
  <init-param>
  <param-name>maxValueSize</param-name>
  <param-value>8192</param-value>
  </init-param>
  </session-manager>
  <session-cookie is-secure="true"/>
  </web-app>
  </vs>
  However, when I configure more on the web applicaiton with the web.xml, I check that the cookie no more secure.
  THe web.xml is
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
  "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
  <web-app>
  <display-name>Trade Info Exchange</display-name>
  <description>
  Trade Info Exchange
  </description>
  <!-- Define servlets that are included in the example application -->
  <servlet>
  <servlet-name>Login</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.LoginServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Login</servlet-name>
  <url-pattern>/Login</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Fmenu</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.FmenuServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Fmenu</servlet-name>
  <url-pattern>/Fmenu</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Fcontent</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.FcontentServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Fcontent</servlet-name>
  <url-pattern>/Fcontent</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Express</servlet-name>
  <servlet-class>com.chase.apps.express.servlet.EXPRESS2</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Express</servlet-name>
  <url-pattern>/EXPRESS2</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>AppControl</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.AppControlServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>AppControl</servlet-name>
  <url-pattern>/AppControl</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>errorPage</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.errorPage</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>errorPage</servlet-name>
  <url-pattern>/errorPage</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>LoginFail</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.LoginFailServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>LoginFail</servlet-name>
  <url-pattern>/LoginFail</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>Logout</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.LogoutServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Logout</servlet-name>
  <url-pattern>/Logout</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>ChangePwdWarning</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdWarningServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>ChangePwdWarning</servlet-name>
  <url-pattern>/ChangePwdWarning</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>ChangePwd</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>ChangePwd</servlet-name>
  <url-pattern>/ChangePwd</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>ReLoginDialog</servlet-name>
  <servlet-class>com.chase.infra.appcontrol.servlet.ReLoginDialog</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>ReLoginDialog</servlet-name>
  <url-pattern>/ReLoginDialog</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>TradeTrackProcessSearch</servlet-name>
  <servlet-class>chase.app.tt.servlet.ProcessSearchServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>TradeTrackProcessSearch</servlet-name>
  <url-pattern>/TradeTrackProcessSearch</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>TradeTrackSearchScreen</servlet-name>
  <servlet-class>chase.app.tt.servlet.SearchScreenServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>TradeTrackSearchScreen</servlet-name>
  <url-pattern>/TradeTrackSearchScreen</url-pattern>
  </servlet-mapping>
  <servlet>
  <servlet-name>TradeTrackMain</servlet-name>
  <servlet-class>chase.app.tt.servlet.MainServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/LCIMPORT</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/LCEXPORT</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/COLLIMP</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/COLLEXP</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/B2BMenu</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>TradeTrackMain</servlet-name>
  <url-pattern>/B2BMain</url-pattern>
  </servlet-mapping>
  <welcome-file-list>
  <welcome-file>ctielogin.html</welcome-file>
  </welcome-file-list>
  </web-app>
  Pls advise how I can make the cookie secure for using the web.xml and web-apps.xml
  thanks
  samuel poon

• Multiple Sessions in CMC for the same user

  Hello,
  Version:  BOE XI R2 SP3
  A user opens an Xcelsius Dashboard.  As they are using the dashboard, multiple calls are being made through QaaWS to the database.  In CMC, we can see multiple sessions created for that user.  However, this is not 100% consistent.
  Why are there multiple sessions created for one user consuming one dashboard?  Shouldn't everything result in one session?
  Thank you,
  Scott

  Thank you Greg,
  The user shows multiple session after opening and refreshing just one Xcelsius Dashboard over and over again.  It is using QaaWS to get its data.
  Also, as you mentioned, we are also seeing problems with Logout.  Sometimes, users click the logout, but their session does not terminate.  Other times, it does terminate.  And, also, sometimes the logout button does not work.  The user is forced to just close the browser window.
  Any ideas?
  Scott

• How to handle multiple session in ADF using jdevloper11g

  Hello All
  i want to use the form in Multiple sessions.
  i have one sign up form. user enter only 4 to 5 fields & he may not fill the the manditory field & he left.but data base dont give the error to him. but next day he will come at the next day to complet his sign up i.e. when he commit the all detail that time all validation will hapen.
  for that i use one table without constrain to store the temarory detail.& use other table (with constrains) for final submition.
  1) i creat the view n entity for temparory table
  2) & also i create views n entity for Final table
  n i create one methos in viewRowImple file in that file i overrid create method from using this i set the value from tempary to final table...
  but when user left the manditory field then it allow to submit the data in temparory field but when i copy that data to final table(with constrain) n user submit the data then validation happn i.e. "this fild is mandatory".when i click this error message it goes to first screen.
  IS Thiis Possible.. in ADF

  Generally this can be done.
  I see a problem with your use case, which has nothing to do with jdev or java:
  How do you identify the user when he comes back to finish the form?
  For this you can't use information like session cookie or IP address because they change.
  So you have to save some information about the user which lets you identify him when he comes back. All other requirements can be implemented by ADF.
  Timo

• Enable secure session cookie on Sun ONE Web Server 6.1

  How can I enable secure session cookie (JSESSIONID) on Sun ONE Web Server 6.1?.
  For 6.0 is <session-cookie is-secure="true"/> inside the <web-app> tags in web-apps.xml but I'm not able to find this setting for 6.1.

  There is a fix in 6.1sp5 that enables the session cookie to be marked as secure.
  See the release notes and search for 6262885 under Issues Resolved in 6.1sp5:
  http://docs.sun.com/app/docs/doc/819-2479/6n4p1bdea?a=view

• Apex session cookie in Safari

  Hi all,
  I'm hitting a restriction or security feature(?) of Safari in iOS. One of our Apex applications is a page that runs in an iframe on a site. Apex is installed on a server inside our own network and is accessable via dns: office.ourcorp.com (fake name, just to clearify the situation). We have a couple of different brands, that all have their own domains: brand1.com, brand2.com etc. All of these sites open the apex page inside an iframe.
  That all works beautifully in all browsers, except in Safari in iOS. in iOS, the apex page isn't showing. It seams it's because of the session cookie Apex sets. Safari can't set an cookie from another domain (a cross domain cookie). Is there a possibility to turn off the session cookie?(ORA_WWV_APP_xxx)?
  I also tried to set the 'cookie domain' option inside the authentication scheme to one of the domain names for our brands, but it still doesn't show up.
  Does someone has a sollution?

  I tried to do that. If you read my very first post in this thread, specifically "If I try to set a cookie in the page sentry function, it is breaking at the redirect line. Also, I don't think page sentry is the right place to set a cookie since it executes at every page.", I tried to set a cookie but it is throwing an error at the page.
  I think all these complication is because I dont have a login page and I am using a HTTP header variable to validate the user. Given that, where should I set the cookie?
  I also tried to do this:
  - create an appliaction item called 'testuser'
  - create an application computation to run 'before header' which sets the value of this to my HTTP header variable.
  - When I retrieve the app item 'testuser' from a page, it is getting the correct value. But when I use this in the authentication scheme, it is returning null. Any idea why??
  I know I am throwing a lot of questions. That is because I am trying a lot of approaches and each of them is posing a new set of challenges. I am actually looking for alternative ways to do what I am looking to do.
  Thanks.
  Shuba

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• When firefox launched and kept open, automatically opens multiple sessions for ads and pornography which I have never visited. sessions hide in legitimate ones

  I use firefox exclusively. I open many sessions simultaneously mostly one site per session in a single tab. At times during the day when I keep firefox open, I will return to a previous site/session and before I am able to see it, I am getting browser 'pop-ups' of ads for TJ MAxx (a site I never visit) and hard-core porno (a site i never visit and not part of my browsing demographic). These are completely random and hide behind legitimate browsing sessions and are not listed in history etc. They are not being removed by adware or Norton and they are driving me nuts not to mention the embarassment of trying to launch a legitimate site and getting disgusting porno in your face while working with colleagues. Please help!

  '''Scan for Malware'''
  Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
  You can try these free programs to scan for malware, which work with your existing antivirus software:
  * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner]
  * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware]
  * [http://support.kaspersky.com/faq/?qid=208283363 TDSSKiller - AntiRootkit Utility]
  [http://windows.microsoft.com/MSE Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.
  Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article.
  '''Reset Firefox'''
  The Reset Firefox feature can fix many issues by restoring Firefox to its factory default state while saving your essential information.
  Note: ''This will cause you to lose any Extensions, Open websites, and some Preferences.''
  To Reset Firefox do the following:
  #Go to Firefox > Help > Troubleshooting Information.
  #Click the "Reset Firefox" button.
  #Firefox will close and reset. After Firefox is done, it will show a window with the information that is imported. Click Finish.
  #Firefox will open with all factory defaults applied.
  Further information can be found in the [[Reset Firefox – easily fix most problems]] article.
  Did this fix your problems? Please report back to us!

• How to open multiple sessions for one user?

  Sorry for the silly question but I couldn't find it googling or searching through this forum, so I started wondering whether it's possible in SQL Developer to open multiple sessions for one user. I'm fairly new to SQL Developer and databases in general.
  When I open SQL Developer and connect to a schema, a worksheet opens named MYSCHEMA. If I disconnect then connect, another worksheet opens, named MYSCHEMA~1. I assumed these were different sessions, but if I enter into one worksheet:
  select col1 from my_table where row_id = 1
  -- shows result is 1
  update my_table set col1 = 0 where row_id = 1
  select col1 from my_table where row_id = 1
  -- shows result is 0and then enter into the second worksheet:
  select col1 from my_table where row_id = 1
  -- shows result is 0I would have expected the second worksheet to report 1 because the first worksheet did not issue a COMMIT. Thus, I'd guess both worksheets are the same session? Is that right? If so, how do I have two sessions open simultaneously (opened by same user)?
  I'm trying to implement the code at the bottom of this post, for which testing requires at least two sessions:
  Re: Help with Procedure
  Edited by: tem on Apr 18, 2012 6:44 AM

  Thanks Jim,
  Ctrl-Shift-N doesn't do anything for me. I'm on a mac -- by experimenting it looks like command-N does what you're looking for. This appears to be the same as left-clicking on the "New" icon in the top left corner of SQL Developer, or selecting from the pull-down menu, File > New.
  This opens "Create a New" window that appears to be a wizard. What would I select at this point? Options are: Database Connection, Table, View, Package, ...
  I don't see an option for "Worksheet".
  UPDATE:
  OK, I found that if I select "SQL File", a worksheet becomes available. Perhaps this is what you intended. However, when I issue the command
  select col1 from my_table where row_id = 1;it still returns 0 instead of 1. Hmm, maybe my initial assumption was wrong -- if this is a second (e.g. different) session, should I expect the changes made in the first session in SQL Developer (the UPDATE command) WITHOUT a commit, to be observed in this second session? I thought that changes made in one session were not viewable in a different session until these changes are committed in the first session? If so, how to show this in SQL Developer? I must be missing something basic here.
  Or, is SQL Developer issuing some sort of "auto-commit" without my knowledge?
  Edited by: tem on Apr 18, 2012 8:00 AM

• Setting secure flag on weblogic (5.1) session cookie.

  Hello All,
            I need to set secure flag on weblogic session cookie. I am not able to
            find any property in weblogic.properties file to set the secure flag for
            session cookie.
            Does anybody has any idea how to achieve this.?
            Thanks
            Nitin
            

  The best way to reduce GC is to change you application to use less memory. Serious.
  There are a number of JVM options for GC. I can't tell you what will work best
  for your application.
  25 seconds is way too long for a GC. Is the OS paging? You may wish to invest
  in additional memory.
  Mike Reiche
  vijendran <[email protected]> wrote:
  Hi,
  I am running a load test which will simulate 100 users. when i tried
  to simulate i found that GC is happening often even though i set the
  heap to 512 MB., and that too some time it takes upto 25 secs. for a
  GC to complete. Please advise on how to increase the performance for
  more number of users (without clustering weblogic) and to avoid GC happening
  often.
  Regards
  Vijendran

• Can XSQL create multiple session variables using only one database call?

  Right now if I want to set session variables for username and accesslevel, I code out like this:
  <xsql:set-session-param name="name" bind-params="username password">
  SELECT DISTINCT USERNAME
  FROM LKUP_USER
  WHERE USERNAME = ? AND PASSWORD = ? AND ACCESSLEVEL = 0
  </xsql:set-session-param>
  <xsql:set-session-param name="authlvl" bind-params="username password">
  SELECT DISTINCT ACCESSLEVEL
  FROM LKUP_USER
  WHERE USERNAME = ? AND PASSWORD = ? AND ACCESSLEVEL = 0
  </xsql:set-session-param>Is there any way to do it so that I don't have to do multiple queries to the database to set session variables? i.e., something like this:
  <xsql:set-multiple-session-param name="user authlvl" bind-params="username password">
  SELECT DISTINCT USERNAME,
  ACCESSLEVEL
  FROM LKUP_USER
  WHERE USERNAME = ? AND PASSWORD = ? AND ACCESSLEVEL = 0
  </xsql:set-multiple-session-param>Sort of like how bind-params works. Setting bind-params="username password" makes the first ? akin to username and the next ? akin to password.
  Is this functionality already in existence?
  Thanks!
  Malik Graves-Pryor

  Not currently possible to collapse into one request without doing it in a custom action handler.
  A custom action handler can:
  [list=1]
  [*]Get the current JDBC connection from the XSQLPageRequest
  [*]Get the SQL statement to perform using the function getActionElementContent
  [*]Handle any bind parameters specified an a bind-params attribute on the action element by calling handleBindVariables()
  [*]Execute and fetch the row from the query
  [*]Check to see that the return value of getPageRequest().getRequestType() equals the value "Servlet"
  [*]Cast the page request to an XSQLServletPageRequest and call getHttpServletRequest()
  [*]Call getSession() on the request
  [*]Set the session variables you want to
  [*]Close the JDBC statement
  [list]
  will consider a built-in enhancement for a future XSQL release.