Application bean or session bean

Hello everyone,
Every time a web user hits a couple of pages, the same SQL queries are called. It's about 2 separate queries.
I would like to CACHE the results of that query into a vector and stick it in an application bean, so that people will just call the method and have access to the vector instead of hitting the database every time. My goal is speed and keeping the user off the database.
Question about implementation:
QUESTION NUMBER 1: Assuming the SQL query is the same for every user, if I stick it in a bean and call it from a JSP page with application scope, will it put the resultset in the vector once and for all and keep the user off the database?
Here's an example of the bean code:
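import java.io.Serializable;
import java.sql.*;
import java.util.Vector;

public class StayOffTheDB implements Serializable {
    // cp (the connection pool), SELECT_CRITERIA and ORDERBY_CRITERIA are
    // fields that the post does not show.

    public StayOffTheDB() {
        // the constructor
    }

    // Runs the query and copies each row (8 columns) into a new Vector.
    public Vector<String[]> theVectorFromtheDB(int interviewid) throws SQLException {
        Vector<String[]> v = new Vector<String[]>();
        // try-with-resources returns the connection and closes the statement
        try (Connection con = cp.getConnection();
             Statement stmt = con.createStatement();
             ResultSet rs = stmt.executeQuery(SELECT_CRITERIA + ORDERBY_CRITERIA)) {
            while (rs.next()) {
                String[] s = new String[8];
                for (int i = 0; i < 8; ++i) {
                    s[i] = rs.getString(i + 1);
                }
                v.addElement(s);
            }
        }
        return v;
    }
}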
When I call this bean from the JSP page like this, will the vector be used or will it hit the database every time?
<jsp:useBean id="foo" scope="application" class="mystuff" />

Thank you for the answer, adamrau.
So you are saying my assumptions about the application bean are valid. The resultset will be stored in the vector. And it will keep users off the resultset.
The resultset is supposed to be updated maybe once a month.
Is there a method that I can use to refresh the application bean with the new resultset?
Sincerely
Stephen

Similar Messages

  • How to deploy a BC4J application as a Session Bean to OC4J?

    I want to deploy a BC4J application as a Session Bean to Oracle9iAS Containers for J2EE instead of to the 9iAS-DB (= Oracle8i database). How to package the EJB JAR(s), EAR(s), Client JAR(s) ...???
    The main question is: Is it generally possible to deploy/run a BC4J application as a Session Bean to/on Oracle9iAS Containers for J2EE???

    One of the cool things about the BC4J framework is the way you can deploy the BC4J application.
    The BC4J application is independent of the deployment mode.
    Irrespective of which mode you actually deploy the application in, you would still get all the framework services.
    It is also easily switchable from one deployment mode to another.
    Today you can decide to deploy it in the local mode and at a later stage, if you need to deploy it as an EJB Session Bean, you don't have to rewrite your application.
    All you do is use the Design Time Wizards for the Application Module and make it remotable as an EJB Session Bean, and everything is taken care of for you.
    The BC4J white paper available on technet gives more details:
    http://technet.oracle.com/products/jdev/info/techwp20/wp.html
    raghu

  • Servlets and Application Beans

    Hi I'm reviewing some sample code that was originally done as a JSF application. I however will not be doing a JSF application but rather a simple Model 2 architecture using servlets. I'm trying to confirm what the equivalent to an application managed and session beans in JSF would be in a servlet environment. For example the following xml in a JSF app...
    <managed-bean>
        <managed-bean-name>jpaResourceBean</managed-bean-name>
        <managed-bean-class>oracle.toplink.jpa.example.inventory.services.impl.JPAResourceBean</managed-bean-class>
        <managed-bean-scope>application</managed-bean-scope>
    </managed-bean>
    <managed-bean>
        <managed-bean-name>inventoryService</managed-bean-name>
        <managed-bean-class>oracle.toplink.jpa.example.inventory.services.impl.ManagedInventoryBean</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
        <managed-property>
            <property-name>jpaResourceBean</property-name>
            <value>#{jpaResourceBean}</value>
        </managed-propert
    Would that simply be using the servlet context and session variables? Any other tips on the right way to do this?
    Thanks

    fsa3 wrote:
    I'm trying to confirm what the equivalent to an application managed and session beans in JSF would be in a servlet environment.

    JSF application scoped beans are stored as ServletContext attributes and JSF session scoped beans are stored as HttpSession attributes. So do the same in a servlet and you're fine.

  • Problem Creating APPLICATION Bean

    As you all know, JSF application beans are used to store information across all user sessions.
    When I create an application bean class with Sun Creator 2 release, my IDE freezes. And I have to restart Creator and then it enters a slump again and the loop continues.
    Please could someone guide me.
    I intend to use the application bean to cache an object that is required by all users so that once the app bean is initialized then it can be available across all user sessions. Then each user can take that object and use it for its operations.
    I will be glad if I could get help pretty soon.

    Thanks,
    I have tried to use the default ApplicationBean1 that gets created when you create a new project.
    To my amazement, when I embed code in the constructor or init(), Creator freezes up and I have to shut down abruptly and restart. The problem persists until I use the file system to expunge the code I'd earlier embedded.
    Looking forward to help from everyone

  • How to find a file in application bean

    Hi everyone,
    I need to read in a file in application bean. But I could not figure out the relative path from application bean to my file.
    Currently I have to use absolute path. However, it does not make sense to use absolute path because it will change after deployment.
    Could you tell me where I should put my file in JSC 2 and what is the relative path from application bean to it?
    I know how to do it in .jsp pages. But it seems to be different if I read it from application bean.
    Thanks in advance,

    Do you mean this code did not work?
    ServletContext theApplicationsServletContext =
        (ServletContext) this.getExternalContext().getContext();
    String realPath =
        theApplicationsServletContext.getRealPath("/resources/images");
    File file = new File(realPath + File.separatorChar + justFileName);
    Works for me. I've used it in my blog
    http://blogs.sun.com/roller/page/winston?entry=how_to_create_a_file
    - Winston

  • How to share the same session between JNLP Application and browser session

    How to share the same session between JNLP Application and browser session using the BasicService.showDocument(url) method? It appears that whenever I launch any URL from within a JNLP application using BasicService.showDocument(url), it creates a new instance of the browser and session, even after I used cookie handlers to restore JSESSIONID and Ltpa token etc.
    public static boolean showDocument(String urlToOpen)
            throws UnavailableServiceException, MalformedURLException {
        BasicService obj = (BasicService) ServiceManager.lookup("javax.jnlp.BasicService");
        // BasicService.showDocument takes a java.net.URL and returns a boolean
        return obj.showDocument(new URL(urlToOpen));
    }

    Try using Reflection

  • What is RFC for "Content-Type: application/HTTP-Kerberos-session-enc"

    Does anybody know how to process HTTP request with content type "Content-Type: application/HTTP-Kerberos-session-enc" ?
    I cannot decode HTTP request:
    -- Encrypted Boundary
         Content-Type: application/HTTP-Kerberos-session-encrypted
         OriginalContent: type=application/soap+xml;charset=UTF-16;Length=1624
    -- Encrypted Boundary
         Content-Type: application/octet-stream
    <octet-stream>-- Encrypted Boundary
    Where <octet-stream> starts with four bytes [47, 0, 0, 0]
    The other bytes from <octet-stream> I am trying to decode with the "context.unwrap()" method ("context" was created on a previous request):
        GSSHeader gssHeader = new GSSHeader(new ByteArrayInputStream(content));
        log.debug("Incoming warped content length: " + content.length);
        log.debug("Incoming GSS header OID: " + gssHeader.getOid());
        log.debug("Incoming GSS header length: " + gssHeader.getLength());
        log.debug("Incoming GSS header MechTokenLength: " + gssHeader.getMechTokenLength());
        byte[] newBytes = context.unwrap(content, 0, content.length, msgProp);
    "content" - byte array which was created from <octet-stream> without first four bytes (without [47, 0, 0, 0]).
    "gssHeader" is created correctly because in debug log I see:
    Incoming warped content length: 1671
    Incoming GSS header OID: 1.2.840.113554.1.2.2
    Incoming GSS header length: 15
    Incoming GSS header MechTokenLength: 1656
    but on "unwrap" operation I've got exception:
    GSSException: Defective token detected (Mechanism level: Invalid padding on Wrap Token)
         at sun.security.jgss.krb5.CipherHelper.arcFourDecrypt(CipherHelper.java:1226)
         at sun.security.jgss.krb5.CipherHelper.decryptData(CipherHelper.java:532)
         at sun.security.jgss.krb5.WrapToken.getDataFromBuffer(WrapToken.java:230)
         at sun.security.jgss.krb5.WrapToken.getData(WrapToken.java:195)
         at sun.security.jgss.krb5.WrapToken.getData(WrapToken.java:168)
         at sun.security.jgss.krb5.Krb5Context.unwrap(Krb5Context.java:941)
         at sun.security.jgss.GSSContextImpl.unwrap(GSSContextImpl.java:384)
         at com.myproject.ws_management.WSServer$MyHandler.handle(WSServer.java:361)
         at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
         at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:65)
         at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:68)
         at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:552)
         at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:65)
         at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:524)
         at sun.net.httpserver.ServerImpl$DefaultExecutor.execute(ServerImpl.java:119)
         at sun.net.httpserver.ServerImpl$Dispatcher.handle(ServerImpl.java:349)
         at sun.net.httpserver.ServerImpl$Dispatcher.run(ServerImpl.java:321)
         at java.lang.Thread.run(Thread.java:619)
    KeyTab instance already exists

    It looks like [47, 0, 0, 0] (hex [2F, 0, 0, 0]) is a cipher suite, but on http://www.iana.org/assignments/tls-parameters
    I found that it is:
    0x00,0x2F TLS_RSA_WITH_AES_128_CBC_SHA [RFC3268]
    So... what can these bytes mean?

  • Application Express - setting session state.

    I'm a relative newbie to APEX and am trying to set up and populate an application item into session state so that I can then have the value handy throughout the entire session and over all pages of the application. I've defined the item as FPC_Number in page Zero and have also set up a region in Page Zero where the FPC Number will be displayed across all pages of the application. It will not have a value until the user explicitly selects one from a drop down menu, so initially the value will be null. I'm having issues assigning the value. The value will not be assigned during the page rendering phase but at the page processing phase, correct? I have a computation set up as 'begin
    APEX_UTIL.SET_SESSION_STATE('F101_PROJECT_NUMBER',V('P14_PROJECT_NUMBER')); end; '. Does this look right? I get the error: PLS-00103 when I try to execute this. Any ideas?
    Update: I have deleted the calculation and am using a process only. I no longer get the PLS-00103 error message but still no value is displayed in Session_state.
    Edited by: V Rickert on Feb 26, 2013 7:38 AM

    V Rickert wrote:
    I'm a relative newbie to APEX and am trying to set up and populate an application item into session state so that I can then have the value handy throughout the entire session and over all pages of the application. I've defined the item as FPC_Number in page Zero and have also set up a region in Page Zero where the FPC Number will be displayed across all pages of the application. It will not have a value until the user explicitly selects one from a drop down menu, so initially the value will be null. I'm having issues assigning the value. The value will not be assigned during the page rendering phase but at the page processing phase, correct? I have a computation set up as 'begin
    APEX_UTIL.SET_SESSION_STATE('F101_PROJECT_NUMBER',V('P14_PROJECT_NUMBER')); end; '. Does this look right? I get the error: PLS-00103 when I try to execute this. Any ideas?
    Update: I have deleted the calculation and am using a process only. I no longer get the PLS-00103 error message but still no value is displayed in Session_state.

    APEX version?
    What type of item is "FPC_Number in page Zero"?
    Where is this process and when does it run?
    You said "I've defined the item as FPC_Number in page Zero", but the process is setting the value of F101_PROJECT_NUMBER (which looks like an application item) rather than "FPC_Number in page Zero".

  • Connect Java Application with a Session Bean

    Hi,
    My problem is the following:
    I have a session bean (stateless) and I am trying to write a client for it!
    I always get the same error message when I call the Java ClientApplication from the command line:
    java -jar Betting_server.jar BettingServer
    StartBetting Server
    Part1
    Caught an unexpected exception!
    javax.naming.NoInitialContextException: Cannot instantiate class: org.jnp.interfaces.NamingContextFactory. Root exception is java.lang.ClassNotFoundException: org.jnp.interfaces.NamingContextFactory
    at java.net.URLClassLoader$1.run(URLClassLoader.java:198)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:299)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:255)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:315)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:217)
    at com.sun.naming.internal.VersionHelper12.loadClass(VersionHelper12.java:42)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:649)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at at.siemens.mma.iap.betting.server.CreateQRunTimer$RemindTask.run(CreateQRunTimer.java:47)
    at java.util.TimerThread.mainLoop(Timer.java:432)
    at java.util.TimerThread.run(Timer.java:382)
    My configuration:
    jboss-3.2.1_tomcat-4.1.24
    j2sdkee1.3.1
    j2sdk1.4.1_02
    My Client Class:
    package betting.server;

    import javax.naming.InitialContext;
    import javax.rmi.PortableRemoteObject;
    import java.util.*;
    import betting.ejb.*;

    public class CreateQRunTimer {
        Timer timer;

        public CreateQRunTimer() {
            timer = new Timer();
            timer.schedule(new RemindTask(),
                    0,            // initial delay
                    1*60*1000);   // subsequent rate in ms (1 minute as written)
        }

        class RemindTask extends TimerTask {
            public void run() {
                String logicalBettingBeanName = "MyBetting";
                Betting bet;
                BettingHome bethome;
                try {
                    System.out.println("Part1");
                    // JNDI settings for the JBoss naming service
                    Properties props = new Properties();
                    props.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
                    props.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
                    props.put("java.naming.provider.url", "localhost:1099");
                    InitialContext ic = new InitialContext(props);
                    System.out.println("Part2");
                    Object objref = ic.lookup(logicalBettingBeanName);
                    System.out.println("Part3");
                    bethome = (BettingHome) PortableRemoteObject.narrow(objref, BettingHome.class);
                    bet = bethome.create();
                    long qRunMagicNum = bet.DB_CreateQRun();
                    if (bet.CreateConfigurationFileQuery(qRunMagicNum) == false) {
                        // failed
                        System.out.print("CreateConfigFileQuery failed");
                    } else {
                        bet.TransferXMLFiles("tvbetqrun.conf", 0);
                        System.out.print("CreateConfigFileQuery succed");
                    }
                } catch (Exception ex) {
                    System.err.println("Caught an unexpected exception!");
                    ex.printStackTrace();
                }
                System.out.println("Run GG");
                //System.exit(0); //Stops the AWT thread (and everything else)
            }
        }
    }

    Normally, if you are executing the client from the command line, you do not specify the classpath in a XML file (unless you are using ant or something similar). You can specify the classpath by using the -classpath option.
    Try something like
    java -classpath <path_to_jboss>/client/jbossall-client.jar;Betting_server.jar BettingServer
    You can check the classpath in your client with the statement
    System.out.print(System.getProperty("java.class.path"));

  • How to load some setting in application bean on web application start up?

    Hi
    Thank you for reading my post
    Is it possible to load some settings in applicationBean when the web application starts?
    And also
    I need to store some of my application configuration in a .properties file.
    Can someone please help me with the following items?
    - How can I access the .properties file?
    - Where should I put it?

    Hi
    Thank you
    How can I load the .properties files?
    How should I find the path? Some servers do not allow an application to find the real path to load a file.
    Thanks

  • Problem with application item and session state

    Okay, let's see if I can explain this problem coherently.
    I have a small app (one page), with an application item, F_WHERE_CLAUSE.
    This page has three regions in which there are items that the users can populate for search conditions. A couple of these items are "select list with submit" (I still need to upgrade to the AJAX method, I know). There is another region which has one hidden field, called P1_WHERE_CLAUSE. This field is defined to "Always, replacing any value in session state..." with source type of "Item (application or page.....", and a source value of F_WHERE_CLAUSE with no default value.
    I have a button called "Search" which submits the page and fires a PL/SQL process which builds a where condition based upon the other page items and stores the value to the application item F_WHERE_CLAUSE (correctly).
    For testing, I've made the P1_WHERE_CLAUSE field visible so that I can see what's going on. I've also clicked the debug and session buttons to help trace this. After I click the "Search" button and the page submits, debug shows:
    0.02: ...Session State: Save "P1_WHERE_CLAUSE" - saving same value: "1=1"
    followed later by:
    0.05: ...Session State: Saved Item "F_WHERE_CLAUSE" New Value="lower(primary_class) = 'rock' and country = 'Spain'"
    The field P1_WHERE_CLAUSE displays with the correct search criteria as signified by F_WHERE_CLAUSE above. However, If I click the "session" button to view the session state values, P1_WHERE_CLAUSE shows up as:
    P1_WHERE_CLAUSE    Textarea    1=1    U
    while F_WHERE_CLAUSE displays the correct value still.
    The reason this "problem" came up is that this page also has three SQL report regions which use &P1_WHERE_CLAUSE. for the where condition. While they display the correct results on-screen, each report region also has the "Export to csv" enabled, and the export seems to be using the "1=1" condition (from the "session" window) instead of the search criteria that the on-screen region is using (F_WHERE_CLAUSE and the displayed P1_WHERE_CLAUSE), resulting in a retrieval of all records.
    Anybody have any idea what's going on and why, and how to get the csv export to use the correct value for the where condition?
    Thanks,
    Bill Ferguson

    It appears the "Export to CSV" functionality requires the item value to be set in session state. The P1_WHERE_CLAUSE item value never gets saved to session state. The page is rendered and the value is put in the item on the page but until you submit the page session state doesn't know what P1_WHERE_CLAUSE is.
    Create a before header computation or process to set the value of P1_WHERE_CLAUSE (which will save it to session state). It is interesting that the report regions didn't need to look at the value in session state but the "export to csv" does.
    --Jeff

  • How to use bsp application SYSTEM for session handling.

    Hi All,
    We are implementing OCI. We have a few BSP applications that are called by a standard ITS application. I need to destroy the session at the server side when the browser is closed.
    For that, I copied the pages session_default_frame.htm and session_single_frame.htm from the BSP application SYSTEM into my application and made the necessary changes.
    I need to pass one URL, 'HOOK_URL' (this is related to OCI), from the starting page of the application to the final page.
    Now suppose earlier there were two pages in my application, page1.htm and page2.htm, so I was able to pass the HOOK_URL from page1 to page2, but after adding the two pages from the SYSTEM application, I can pass the HOOK_URL from session_single_frame.htm to page1.htm
    Page session_single_frame.htm:
    Page attributes:
    hook_url     TYPE     STRING (AUTO)
    OnRequest:
    navigation->set_parameter( hook_url ).
    but can't pass it from page1 to page2... What additional code is required?
    page page1.htm:
    Page attributes:
    hook_url     TYPE     STRING (AUTO)
    onRequest:
    navigation->set_parameter( 'HOOK_URL' ).
    The above code was working fine until I added the two new pages to my application.
    Hope I was able to explain the issue properly.
    Thanks,
    Anubhav.

    Hi,
    Let me describe the steps I have taken once again:
    1) Copied pages session_single_frame and session_default_frame from the SYSTEM application and changed the name in
    DATA: target_page               TYPE STRING VALUE 'session_test.htm'.
    to
    DATA: target_page               TYPE STRING VALUE 'mypage1.htm'
    2) Added a page attribute HOOK_URL of type string (AUTO) to session_single_frame.htm.
    3) Added the line
    <input type="hidden" name="HOOK_URL" value="<%= hook_url %>">
    to page1.htm so that hook_url is passed to page2.htm (page2.htm has a page attribute HOOK_URL of type string and auto).
    The hook_url in page2.htm looks like:
    "http://sapupd.mycompanyname.com:8002/sap(cz1TSUQlM2FBTk9OJTNhc2FwdXBkX1NSTV8wMiUzYXJUaHBOdE1VZDdhWkVTa3hYZGtPTXRxY1NBTWo3VlAwN3NWQ2c2REYtQVRU)/bc/gui/sap/its/bbpsc02/?~OkCode=ADDI&~Target=_top&~Caller=CTLG&~sap-syscmd=NOCOOKIE&~client=200&~language=EN&~HTTP_CONTENT_CHARSET=utf-8";
    The problem is that after the page is submitted, a blank page comes up.
    On closing this blank page the "Ending user session" window comes up.
    Please help
    Thanks,
    Anubhav.
    Edited by: Anubhav Jain on Oct 21, 2008 6:49 AM

  • Application lost existing session due to new jsession id.

    Hi Team,
    We have three Linux boxes in production and each box contains Apache and a WebLogic managed server.
    The IP and Apache port are configured in our ACE load balancer.
           |-----A1---M1
    ACE ---|-----A2---M2
           |-----A3---M3
    A1, A2, A3 - Apache servers; M1, M2, M3 - managed servers.
    The Apache version is 2.2.22 and the WebLogic version is 11G. mod_wl.so is used to redirect from Apache to WebLogic.
    Each Apache will redirect to the corresponding managed server.
    Our application (Java based) is deployed in a WebLogic cluster.
    When the user tests the application via the load balancer, it caters the request to Apache and Apache redirects to the managed server.
    The problem is that a new jsession id is created in between some requests and the application loses our existing session.
    We have captured HTTP headers and have seen a new cookie created in the response header.
    <header>Set-Cookie: JSESSIONID=pjrLRs2QCPpnP89p553Y4y0MfGp6rTy3kv4sP5TQG5MV3mV4xmfm!-1368207527; domain=.abc.com; path=/; secure=true</header>
    The above problem doesn't happen when we use a single Apache server.
           |-----A1---M1
    ACE ---|     A2---M2
           |     A3---M3
    Can you please help here to sort out this issue?
    Regards,
    Ganesan
    Edited by: 992087 on Mar 6, 2013 2:39 AM


  • Authentication in clustered web application without sticky session

    I have built JSP/Servlet/Struts applications in the past on a cluster of app servers. Each app server has its own JVM running the Servlet Container. All of the HTTP requests come into a hardware load balancer, which directs the requests to one of the app servers in the cluster.
    I have wanted to use the Java HttpSession management without any kind of distributed session provided by the app server. We have used "sticky" sessions. The application writes a cookie to the client on the first request. The load balancer looks for that cookie on subsequent requests and directs the request to the server that originally wrote the cookie. This ensures that all requests within the same session are handled by the same application server. This also means that if I do request.getSession().setAttribute("authenticated",true) on one request, when I do request.getSession().getAttribute("authenticated") on subsequent requests in the same session, I can be sure the value will not be null. This allows me to create a filter that checks for that session attribute on each request, and if it is false or null, redirect the request to some sort of login page. Otherwise I can be sure the user has logged in.
    I want to build a stateless/non-session based application that can still handle authentication. What I mean by that is that I don't want the load balancer to have to send requests for the same session all to the same server. I would like the load balancer to send each request where ever it wants. That means the simple authentication example I explained in the last paragraph would not work. The user could login on server A, but then on a subsequent request during the same "session", the user's request could be handled by server B. In that case, the session attribute would be null, and the app would think that the user has not logged in.
    My application can require that users have cookies enabled, so therefore I can assume the user is accepting cookies (I would have something to check that and redirect the user to an error page saying "turn cookies on" if cookies weren't on). I think one thing that I could do is use encryption with a key that is shared between all the servers in the cluster. For example, the user logs in on server A, server A writes a cookie with the contents "username,1109272102009". The first part being the username that the user successfully authenticated as and the second part being a timestamp for when the cookie was created. The contents of the actual cookie would be encrypted and I would send the ciphertext as the value of the cookie. When server B gets the cookie, it can decrypt the ciphertext (using the same key as was used to encrypt the data on server A), and check that the username is valid and that the timestamp does not exceed some timeout. The timestamp in the cookie would then have to be updated for the next request.
    So my question is (thanks for sticking with me and reading this really long post), has anyone done anything like this before? Is what I have described totally ridiculous or insecure? Are there any books or articles that describe a pattern similar to this that has been known to work well?

    I have worked on a web site that did exactly that.
    The cookie contained a little bit more information - there was a small amount of user data that were needed on heavily accessed pages.
    You'll have a problem if your web application uses attributes. We solved this by keeping most stuff in hidden inputs (backed up by hidden input cryptographic checksums in places where forgery was a concern.) HttpSession attributes have some problems and gotchas.
    A few possible fine tunings:
    Add a random number to the cookie. Should make known plaintext attacks harder.
    Add some extra stuff to the cookie, so that any random hex string that happens to decode to "xZoiyqw,15" isn't accepted. It's easy to try a million cookies until you get "<something>,<integer>" but getting "<something>,<integer>,HelloHowAreYou" is a lot harder.
    Be paranoid in checking the format of the cookie. If you add a random number, check that it is all digits etc. Belt and suspenders: also check that the time stamp isn't in the future (allow e.g. 15 seconds future time, in case different servers' clocks are a bit off.)
    Don't update the cookie at every hit, only if the time stamp is older than a couple of minutes. Saves encryption CPU power.
    After encrypting, prepend a short version number to the cookie. E.g. if the hex cookie is ABCDEF, make it 1ABCDEF. If you later e.g. change the encryption algorithm, change version to 2 and you can easily skip any obviously non-decipherable cookies. A second version number within the cookie might or might not be useful.
    Even though you can make random load balancing, consider not doing that. E.g. a server might pull the user's name from the database into memory cache. You get less database traffic and smaller caches if the user still goes to the same server. If a server goes down, only then switch him elsewhere. Downside though: if one server is "half alive" (doesn't respond to requests but alive enough so the load balancer doesn't notice the malfunction), all users bound to that server see a 100% failure.
    Benchmark cookie decryption time when selecting the crypto algorithm. How many hits per second you can get and how many you need.
    Guard your crypto keys like the crown jewels. Change them periodically and whenever someone in your company (especially IT department) gets the pink slip.
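
The cookie scheme from the question and answer above, as an added example that is not code from either poster. It swaps the answer's "extra stuff" and checksum ideas for AES-GCM authenticated encryption, so a forged or altered cookie fails the tag check instead of decrypting to garbage. The class name `AuthCookie`, the 30-minute timeout, the 2-minute refresh threshold and the username character set are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: stateless login cookie that any server holding the shared key can verify. */
public final class AuthCookie {
    private static final char VERSION = '1';                  // clear-text version prefix
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private static final long MAX_AGE_MS = 30 * 60_000L;      // assumed login timeout
    private static final long MAX_SKEW_MS = 15_000L;          // tolerated clock drift between servers
    private static final long REFRESH_AFTER_MS = 2 * 60_000L; // re-issue only after a couple of minutes
    private static final String NAME = "[A-Za-z0-9_.-]{1,64}";
    private static final Pattern FORMAT = Pattern.compile("(" + NAME + "),(\\d{1,15})");
    private static final SecureRandom RNG = new SecureRandom();

    private final SecretKey key;

    public AuthCookie(byte[] sharedKey) {                     // 16 or 32 bytes, identical on every server
        this.key = new SecretKeySpec(sharedKey, "AES");
    }

    /** Result of a successful verification. */
    public static final class Login {
        public final String username;
        public final long issuedMs;
        Login(String username, long issuedMs) { this.username = username; this.issuedMs = issuedMs; }
        public boolean needsRefresh(long nowMs) { return nowMs - issuedMs > REFRESH_AFTER_MS; }
    }

    public String issue(String username, long nowMs) throws GeneralSecurityException {
        if (!username.matches(NAME)) throw new IllegalArgumentException("bad username");
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                                 // fresh random nonce per cookie
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(new byte[] {(byte) VERSION});             // bind the version prefix to the tag
        byte[] ct = c.doFinal((username + "," + nowMs).getBytes(StandardCharsets.UTF_8));
        byte[] blob = ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
        return VERSION + Base64.getUrlEncoder().withoutPadding().encodeToString(blob);
    }

    /** Returns the login, or empty if the cookie must be rejected. */
    public Optional<Login> verify(String cookie, long nowMs) {
        if (cookie == null || cookie.length() < 2 || cookie.length() > 512
                || cookie.charAt(0) != VERSION) {
            return Optional.empty();                          // unknown version: skip without decrypting
        }
        try {
            byte[] blob = Base64.getUrlDecoder().decode(cookie.substring(1));
            if (blob.length < NONCE_LEN + TAG_BITS / 8) return Optional.empty();
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
            c.updateAAD(new byte[] {(byte) VERSION});
            byte[] pt = c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN); // throws if tampered
            // Strict format check even after the tag verified.
            Matcher m = FORMAT.matcher(new String(pt, StandardCharsets.UTF_8));
            if (!m.matches()) return Optional.empty();
            long issued = Long.parseLong(m.group(2));
            if (issued > nowMs + MAX_SKEW_MS) return Optional.empty();   // stamped in the future
            if (nowMs - issued > MAX_AGE_MS) return Optional.empty();    // expired
            return Optional.of(new Login(m.group(1), issued));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return Optional.empty();                          // bad base64, wrong key or failed tag
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32];
        RNG.nextBytes(k);                                     // constructed demo key, not a real secret
        AuthCookie serverA = new AuthCookie(k), serverB = new AuthCookie(k);
        long now = System.currentTimeMillis();
        String cookie = serverA.issue("alice", now);          // "alice" is a constructed sample user

        // Server B accepts a cookie issued by server A one minute earlier.
        System.out.println(serverB.verify(cookie, now + 60_000).map(l -> l.username));
        // A cookie with one altered character inside the nonce is rejected.
        char swap = cookie.charAt(5) == 'A' ? 'B' : 'A';
        String forged = cookie.substring(0, 5) + swap + cookie.substring(6);
        System.out.println(serverB.verify(forged, now).isPresent());
        // The same cookie presented after the timeout is rejected.
        System.out.println(serverB.verify(cookie, now + MAX_AGE_MS + 1).isPresent());
    }
}
```

A key change is handled by issuing cookies under a new version character, so each server picks the key by prefix and rejects retired versions without attempting decryption.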

  • Passivation of Application Module before session timeout

    Hi,
    JDeveloper : Studio Edition Version 11.1.2.3.0
    Oracle 11g Database
    WLS - 10.3.5
    I have an application (ADF BC and ADF Faces) built with jsff fragment and I have set user session time out in 4 hours.
    After some time (even before 1 hour of inactivity) I receive following error and unable to work on the page. I have to log out and login again to proceed.
    After approx 20 minutes of inactivity I can see the following log messages:
    <LoopDiagnostic> <dump> [12212] variables variables passivated >>> enterScheduledTimeSheet1_tsDate=2013-05-02
    <LoopDiagnostic> <dump> [12213] variableIterator variables passivated >>> TrackQueryPerformed def
    <LoopDiagnostic> <dump> [12214] variableIterator variables passivated >>> TrackQueryPerformed def
    <LoopDiagnostic> <dump> [12215] variableIterator variables passivated >>> TrackQueryPerformed def
    <LoopDiagnostic> <dump> [12216] variableIterator variables passivated >>> TrackQueryPerformed def
    <LoopDiagnostic> <dump> [12217] variableIterator variables passivated >>> TrackQueryPerformed def
    <DCUtil> <findSpelObject> [12218] DCUtil, returning:oracle.jbo.uicli.binding.JUFormBinding, for com_core_fragments_timesheet2ListingPageDef_com_core_task_flows_timesheet_task_flow_xml_timesheet_task_flow
    <JUCtrlHierNodeBinding> <release> [12219] released: ROOT node binding:noCtrl_oracle_adfinternal_view_faces_model_binding_FacesCtrlHierNodeBinding_587, value:TimesheetProjectsVO1Iterator
    <JUCtrlHierNodeBinding> <release> [12220] released: ROOT node binding:noCtrl_oracle_adfinternal_view_faces_model_binding_FacesCtrlHierNodeBinding_588, value:TimeTakenList1Iterator
    <JUCtrlHierNodeBinding> <release> [12221] released: ROOT node binding:noCtrl_oracle_adfinternal_view_faces_model_binding_FacesCtrlHierNodeBinding_590, value:TbaaTimesheetDailyentryView1Iterator
    <DCIteratorBinding> <releaseDataInternal> [12222] Releasing iterator binding:variables
    <DCIteratorBinding> <releaseDataInternal> [12422] Releasing iterator binding:allClients1Iterator1
    <DCIteratorBinding> <releaseDataInternal> [12423] Releasing iterator binding:allClients1Iterator2
    <ApplicationPoolImpl> <resourceStateChanged> [12424] ApplicationPoolImpl.resourceStateChanged wasn't release related. No notify invoked.
    <ApplicationModuleImpl> <resetState> [12425] Resetting AM=Root
    Is there any way to keep the session alive and keep the application state alive till session times out (4 hours in this case).
    Do I need to setup any other parameters etc.
    Thanks in advance.

    You should read http://download.oracle.com/docs/cd/E15523_01/web.1111/b31974/bcstatemgmt.htm#sm0318 and http://download.oracle.com/docs/cd/E15523_01/web.1111/b31974/bcampool.htm#sm0299 as these parameters control when the application module gets passivated.
    However, if you see this kind of problem it points to a general problem with activation/passivation in your application modules. I strongly recommend that you test your application with application module pooling turned off. Then the application module is passivated after each request and errors in this region should pop up even on the developer PC.
    For more info read http://tompeez.wordpress.com/2011/07/08/jdev-always-test-your-app-with-applicationmodule-pooling-turned-off/
    Timo
