Apex session cookie in Safari

Similar Messages

• APEX Security: Multiple session cookies in one browser

  Hi all,
  I use mozilla firefox as web browser. When I open a new tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the session id and the browser the session cookie WWV_CUSTOM-F....
  When I now open the next browser tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the new session id and the browser the session cookie WWV_CUSTOM-F... with new content. My session from the first browser tab will be killed, because the session cookie for this session was deleted/replaced by the session cookie from the second tab.
  Is it possible to have multiple APEX sessions opened in one browser in multiple tabs?
  Regards

  Hi PaulP,
  it's simple.
  Unzip bsApex2 http://www.betasoftware.it/codice/bsApex2.zip
  If not installed, install Microsoft .NET Framework 4 Client Profile.
  Configure bsApex.exe.config
  <?xml version="1.0" encoding="utf-8" ?>
  <configuration>
    <appSettings>
      <!-- Application Title -->
      <add key="aTitolo" value="Apex Desktop by Beta Software snc" />
      <!-- Short application title -->
      <add key="aTitoloBreve" value="Apex Desktop" />
      <!-- Window height -->   
      <add key="aAltezza" value="960" />
      <!-- Window width-->
      <add key="aLarghezza" value="1200" />
      <!-- Close botton text -->
      <add key="aChiudi" value="Close" />
      <!-- Print botton text -->
      <add key="aStampa" value="Print" />
      <!-- Application icon-->
      <add key="aIcona" value="bsApex.ico" />
      <!-- Client -->
      <add key="aCliente" value="Apex Community" />
      <!-- Application address -->
      <add key="aIndirizzo" value="http://apex.oracle.com/pls/otn/f?p=23873:1" />
    </appSettings>
  </configuration>Run bsApex.exe, that's all.
  Regards,
  Gianluigi

• TS4207 "Please enable session cookies" Error from Sites. Safari 7.0/9537.71 on OSX 10.9

  Cant sign in to Macy's account. Site says, "Please enable session cookies". Checked Safari (Safari 7.0/9537.71) Preferences on OSX 10.9 - Under Privacy > Block Cookies and other website data > is set to "Never". I'm seeing the same problem in my iPad Mini (1st Gen) too. Please Advise.

  Please read this whole message before doing anything.
  This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
  The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.
  Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.
  Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a Fusion Drive or a software RAID, you can’t do this. Ask for further instructions.
  Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.
  The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
  Test while in safe mode. Same problem?
  After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of the test.

• APEX 3.1 "Apex Session Timeout"

  Hi all,
  I have been trying to find out how I can set a session to timeout in APEX 3.1 i.e. 30 minutes. I have reviewed Shared Components etc and haven't been able to find anything to control this timeout value. I am aware of the procedure SET_SESSION_MAX_IDLE_SECONDS but i am unable to find it in any of the wwv_* packages. Is it available in 3.1? If not, how can i set this value? Also, can the timeout value be set per application rather than globally?
  Thanks!

  Thanks for that (again). So it looks like I have 3 options:
  1)     Incorporate a JS timeout script
  2)     Build an APEX session package (api_apex_session.pck) that would handle this
  3)     Install APEX 3.2 where all this is supported
  What about the web server or cookie management...is there anything that could be used there?

• How do I enable cookies in Safari so that I can submit an on-line resume?

  How do I enable cookies in Safari so that I can submit an on-line resume?
  Message reads, "You do not have per-session cookies enables!
  Per-session cookies must be enabled in your browser to submit online resumes."

  From your Safari menu bar click Safari > Preferences > Privacy
  Select Never to the right of Block Cookies.

• What is killing my Apex Session?

  Hi,
  as far as I understand it, the Session lasts 24 hours after the last submit? I can shut down the DB or the Apache and after I have them up again my session is still valid. I can also work on the next day with my session. But at least once a day suddenly my sessions are gone and I have to reconnect.
  Can anyone explain this behaviour?
  Thanks, Juergen

  Also, there is nothing magic about 24 hours, feel free to modify that DBMS_JOB to increase or decrease this frequency as appropriate for your environment.
  Remember that in most cases, the Apex session is tied back to a specific (browser-session) cookie, chances are that your client machine and/or browser is likely to be rebooted/restarted long before 24 hours so this issue is moot anyway.

• Credential session cookie and smartphone

  hi,
  it seems session cookies for authentification doens't work with opera on Windows mobile6.5 and safari on iphone3gs.Browsers prompt me with AD authentification and .....blank page. It works with ie in wm6.5
  Do you already seen that before?

  Thanks.  I stumbled across the post while researching this. I didn't really think of it as being the same thing, but I do see how it is relevant to my question.  I am considering writing a very basic custom module to do what the standard one does,
  but ignore certain requests.  I feel like this has probably already been done a dozen times before, so if anyone knows of anything on GitHub or Codeplex, that would be very helpful information.
  Is there any guide out there on writing modules in such as way as to add them to the ApplicationInsights.config the way the official Microsoft modules are configured (ie. by tape name in the XML File)?

• Is there a way to delete only cookies in safari 5.1?

  Is there a way to delete only cookies in safari 5.1?
  If you go to Preferences -> Privacy -> details, you can choose to remove "website data" but sometimes this includes the local cache and also local storage.
  Is there any way to delete JUST/SOLEY the cookies that the browser stores?

  Go to ~/Library/Cookies.
  Move the Cookies.plist to the Trash.
  ~ (Tilde) character represents the Home folder.
  For LIon:   To find the Home folder in OS X Lion, open the Finder, hold the Option key, and choose Go > Library

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• Is it possible to lock out a specific cookie in Safari

  Is it possible to permanantly "lock out" a specific cookie in Safari? I understand using preferences to provide details and to remove specific cookies but I would like to prevent some cookies from ever being allowed. Is there an advanced blocking method I haven't found yet?

  No, you are not the only one having issue with management of cookies in Safari.
  Many have expressed a wish for blacklisting cookies.
  Safari > Preferences > Privacy  > Block cookies > Always
  Click the question mark at the bottom. This is the explanation  I got.
  "Select to always block cookies. This may prevent you from using some websites."
  I am not aware any command using terminal to accomplish the objective.
  Best.

• Weblogic.httpd.session.cookies.enable not working in WLS4.5 sp 11 ?

  I want to disable the use of cookies in WLS 4.5, and set the following
  weblogic.httpd.session.cookies.enable=false
  In WLS 4.5 sp7, this correctly prevents the server from using cookies
  for session-tracking, forcing the extraction of the session id from a
  rewritten URL.
  However, for WLS 4.5 sp11 cookies are still sent from the server
  Is this a known issue ?
  jo

  I want to disable the use of cookies in WLS 4.5, and set the following
  weblogic.httpd.session.cookies.enable=false
  In WLS 4.5 sp7, this correctly prevents the server from using cookies
  for session-tracking, forcing the extraction of the session id from a
  rewritten URL.
  However, for WLS 4.5 sp11 cookies are still sent from the server
  Is this a known issue ?
  jo

• Can portal session cookies be used between two data centers

  OAS generates the following header information and session information for my application. However when I need to failover the originating OAS datacenter into my hot stand-by for maintenance or upgrades, the OAS in the other datacenter responds with a 503 web error. We are using Akamai's GTM to manage the liveness of the datacenter, so we would need the hot stand-by OAS portal in that datacenter to return a 302 error code. Is there some method that we can add to our portal application which would always return a 302 error code.
  See header information collected through wfetch. The 503 error is caused by the hot stand-by data center not accepting or recognizing the cookie. Both OAS datacenters are IDENTICAL in Oracle levels, application levels, web servers, portals and OS patches.
  resolve hostname "170.107.183.32"WWWConnect::Connect("170.107.183.32","80")\nsource port: 2182\r\n
  GET /portal/pls/portal/PORTAL.wwsec_app_priv.login?p_requested_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home&p_cancel_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home HTTP/1.1\r\n
  Accept: */*\r\n
  Accept-Language: en-us\r\n
  Accept-Encoding: gzip, deflate\r\n
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)\r\n
  Host: www.thomson-pharma.com\r\n
  Connection: Keep-Alive\r\n
  Cookie: ORA_WX_SESSION="10.225.8.30:80-1#2"; portal=9.0.3+en-us+us+AMERICA+3D66674E7EED0801E04400144F41424E+BBAA98EEB32D58C086231A8D6CBE2E5D402D89B0E79D83A18C668BB0CA7417B4044DEA389C8B50DD37D9272A24B4753B22F29978861DE14503F8B9BEDC2014654B26A434CF074F4D8749B88610ADADF5084A90ADBF749E2A; DATACENTER=EAGAN\r\n
  \r\n
  HTTP/1.1 503 Service Unavailable\r\n
  Cache-Control: private\r\n
  Content-Type: text/html\r\n
  Set-Cookie: ORA_WX_SESSION="10.237.138.33:80-1#2"\r\n
  Set-Cookie: portal=; expires=Wednesday, 27-Dec-95 05:29:10 GMT; path=/\r\n
  Connection: Keep-Alive\r\n
  Keep-Alive: timeout=5, max=999\r\n
  Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=208440262161,0)\r\n
  Content-Length: 710\r\n
  Date: Fri, 26 Oct 2007 14:58:07 GMT\r\n
  \r\n
  Thanks -John

  Hi John,
  This question is probably more appropriate in one of the Portal forums, but perhaps you can take a look at the information in section C.5 Configuring the Portal Session Cookie in Appendix C of the Portal Configuration guide.
  Here is a link: http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_c.htm#sthref1907
  Regards,
  Peter

• Deleting cookies in Safari beta 3.0.1

  The option to delete cookies in Safari 3.0.1 for Windows is unavailable. The button “show cookies” under Edit->Preferences->Security is deactivated.

  The option to delete cookies in Safari 3.0.1 for
  Windows is unavailable. The button “show cookies”
  under Edit->Preferences->Security is deactivated.
  go to
  Edit>Reset safari
  a pop up windown will display where you can select to reset some option, including cookies
  after choosing only the remove all cookies, click reset

• Session Cookies Being Overwritten Browsing From SSL to Non SSL

  I have created a bug report for this issue as well.
  Please note I am using J2EE session variables so keep that in mind.
  I am seeing session cookies being overwritten when browsing from an SSL connection to a non SSL connection.
  For example:
  Visiting https://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Encrypted connections only".
  Visiting http://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Any type of connection".
  Here's the problem:
  Say for example, you're logging into an admin module located at https://www.domain.com/admin/. Once authenticated and some session variables are set, you browse to http://www.domain.com/. When that happens your session cookie (JSESSIONID) is overwritten with a new value and you instantly lose your authentication in the admin module.
  Obviously this is causing massive problems for my clients that bounce back and forth from SSL to non SSL connections which is common for e-commerce websites.
  Steps to Reproduce:
  1. Clear your cookies.
  2. Visit a web page such as https://www.domain.com/. Note the JSESSIONID cookie value.
  3. Visit a web page such as http://www.domain.com/. Note the JSESSIONID cookie value and how it was overwritten.
  This behavior changed in ColdFusion 10. ColdFusion 9 did not overwrite the session cookie.
  Has anyone else experience this?

  Deleting and re-adding my account seems to have fixed it.  I think when I initially added my Google Talk account, it was by using the "Add Jabber Account" under 10.6 or something.  Now, when I re-added my account, I notice both "Google Talk" and "Jabber" are options, so my thought here is that Jabber and Google Talk options are no longer quite the same thing.

• How to create a session cookie on demand

  Hi,
  I search the web but couldn't find anything related to creating session cookies on demand. I want to create a session cookie storing encrypted user tokens when there is none, for example, when the first page is called.
  The encryption part is OK, but I want how can I intercept every call to a set of pages and create the session cookie if it doesn't exist.
  I'm using ADF, of course, and Weblogic.
  Anyone can provide some examples or source code?
  Thanks.

  Cookies are accessible via the http request and response, there you can add new cookies and or change existing ones.
          ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
          HttpServletResponse response = (HttpServletResponse) ectx.getResponse();
          // get existing cookies
          Cookies [] cookies =((HttpServletRequest)ectx.getRequest()).getCookies();
          // create and set a new one
          Cookie cookie = new Cookie( "key", "value" );
          response.addCookie( cookie );This code should work in a bean. After setting the cookie you need to implement a servlet filter or a page phase listener where you check the requested url and then check for your cookie.
  Timo