Authentication & Session Management questions

Similar Messages

• NI session manager question

  I use NI session manager to control instrument,when I get the instrumenthandle and  can testing .but my question is :
  if I close instrument power and not close NI teststand,but the teststand can run sucess ,my dll document run in demo.
  but I think there must be a error ,and the dll return value is 0. in fact ,if the instrument closed, the return value maybe a negative.
  how can I deal with it ?

  Hello Sean,
  I want to make sure I fully understand your question.  Do you have a DLL that you are calling in your TestStand sequence as a code module?  If so, does a function within the DLL return a negative number if the instrument is not powered?  Is your overall question how can you determine whether the return value from the DLL is negative and make a decision based on this result?  Thanks in advance for these answers!
  Matt G.
  National Instruments
  Applications Engineering

• Web service authentication/session management using Axis2

  I'm creating a web service using Axis2 where the client will need to login to the service and maintain a session. I'm trying to figure out a good way to do this. I've read the article on the following link:
  http://www.developer.com/services/article.php/3620661/Axis2-Session-Management.htm
  and it describes 4 main ways of doing this: Request Session Scope, Soap session scope, Transport session scope, and Application scope. However, it doesn't give much detail in actually implementing this. It says to add a parameter to services.xml like this:
  <service name="foo" scope=" transportsession">
  </service>
  but what about the actual code that goes in the server and client to actually handle the login process and verify the username/password in an SQL database on the server? I'm having a lot of trouble finding a good tuturial on this. Can anyone point me in the right direction? I'm also open to other ideas that don't necessarily directly involve Axis2.

  Session management for a web service and already answered. Locking.

• Session management question

  I have a requirement to prevent multiple sessions per user id. So, when a
  user logs in to our app, any existing sessions he has must be invalidated.
  Does anyone know the correct WebLogic API call to use to locate a session
  object for a given user id? I need to call this so that I can invalidate the
  existing session.
  Thanks,
  Rob.

  Hi Rob,
  Using Servlet 2.3 features this can be done using the sessionCreated and
  sessionDestroyed API (chapter 10 of the servlet 2.3 Spec). This Spec has been
  implemented in WLS 61.
  These methods are provided by the HttpSessionListener interface and they are
  called by the container whenever a session is created or destryed as their name
  suggests. These methods take in HttpSessionEvent as their parameter which can be
  use to get a handle of the corresponding Session object. Once you get this
  handle you can store it in a Hashtable with userID as the key.
  You can use this Hashtable to verify if the session for a particular user
  already exists or not. Once the session is invalidated, the sessionDestroyed
  method will be called and this allows you to remove the session handle from the
  Hashtable. The Hashtable thus, maintains a list of active sessions in an web
  application.
  A sample impl:
  public void sessionCreated(HttpSessionEvent evt){
  sess = evt.getSession();
  /* have code to populate the sesion Attributes */
  log("\nsession created " + sess.getId() );
  log("Session id: " + sess.getAttribute("userID") );
  synchronized(this) {
  h.put(sess.getAttribute("userID"), sess);
  public void sessionDestroyed(HttpSessionEvent evt){
  sess = evt.getSession();
  log("\nsession destroyed: " + sess.getId() );
  synchronized(this) {
  h.remove(sess.getAttribute("userID"));
  hope this helps,
  mihir
  Rob Worsnop wrote:
  OK. I posted the original message after speaking to BEA tech support. They
  had told me there was an API for getting hold of the session. Now they tell
  me there is not.
  It looks like I have to implement this particular aspect of session
  management myself.
  It's a pretty simple task - provided you expect no more than a few hundred
  users logged on at a particular time.
  Anyone got any tips about how to implement this in scalable manner?
  Thanks,
  Rob.
  "Rob Worsnop" <[email protected]> wrote in message
  news:[email protected]...
  I have a requirement to prevent multiple sessions per user id. So, when a
  user logs in to our app, any existing sessions he has must be invalidated.
  Does anyone know the correct WebLogic API call to use to locate a session
  object for a given user id? I need to call this so that I can invalidatethe
  existing session.
  Thanks,
  Rob.

• Session management error: Authentication Rejected error

  Please help me with this error I get when trying to build qdvdauthor:
  /opt/qt/bin/uic qplayer/engines/dialogqxinesetup.ui -o .ui/dialogqxinesetup.h
  Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
  the xhost + command does not help and ...
  the command: xhost +localhost gives me the following message:
  xhost:  bad hostname "localhost"
  Thank you

  br4 wrote:
  no
  in /etc/rc.conf
  # NETWORKING
  HOSTNAME="myhost"
  and /etc/hosts is 127.0.0.1
  i use dhcp . so should i change the /etc/rc.conf ?
  At least something worked!  FYI, I use dhcp as well and here are the relevant parts of my /etc/rc.conf
  # NETWORKING
  HOSTNAME="darkstar"
  and /etc/hosts
  #<ip-address> <hostname.domain.org> <hostname>
  127.0.0.1 localhost.localdomain localhost darkstar

• GnomeUI-WARNING While connecting to session manager:Authentication Rejected

  Hi:
  I was running Oracle eBusiness Suite R1211 on Enterprise Linux 5.3.
  When I try to run HelloWorld on OA Framework tutorial I got the following error
  (Gecko:6415): GnomeUI-WARNING **: While connecting to session manager: Authentication Rejected
  Does any one has idea how to resolve the problem?
  Please help
  sem

  Check the DBC file is updated one & are the connection is working or not.
  Thanks
  --Anil                                                                                                                                                                                       

• Session management problems with SSO

  Hi all-
  I've been getting an Apex app tied to SSO as a partner app (per http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html). So far, it sort of works. If I go to my apex app, it redirects me to SSO, where I authenticate and end up back in the apex app. Great. Here are two problems I've run into:
  1. If I am already authenticated to SSO, and I go to my apex app (url like: http://host/pls/apex/f?p=101:1), my browser goes into an infinite redirect (url like: http://host/pls/apex/f?p=101:1:::::FSP_AFTER_LOGIN_URL:\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|\\\\\\\\\\\\\\\\\\\). To resolve, I have to clear cookies.
  2. If I am using my apex app, then log out of SSO (in another browser window), I can still click around in my apex app (i.e., apex thinks I'm still authenticated).
  Anyone have any thoughts? I'm wondering if I need to do something in page session management (under authentication schemes) to fix #2, but I have no clue about #1.
  Thanks
  Rob

  Hi Scott-
  Thanks for the info on #2 - I'll work on that after I get #1 sorted out, since it's the more dire problem. Here's some more info:
  Apex version = 3.0.1.00.08
  SSO SDK = ssosdk902.zip
  I set it up as "My Application as Partner App." I used "MY_PARTNER_NAME" as SSO Partner Application Name. In the list of SSO Partner Apps on the SSO Admin page, my partner app name is also MY_PARTNER_NAME. It gives the following info:
  Login URL:      https://sso_host/pls/orasso/orasso.wwsso_app_admin.ls_login
  Single Sign-Off URL:      https://sso_host/pls/orasso/orasso.wwsso_app_admin.ls_logout
  Home URL: http://apex_host/pls/apex
  Success URL: http://apex_host/pls/apex/RBLICK.YOUR_PACKAGE.PROCESS_SUCCESS
  Logout URL: http://apex_host/pls/apex
  RBLICK is the schema owning the apex app. In there, I created a package called YOUR_PACKAGE:
  create package YOUR_PACKAGE as
  procedure process_success(urlc in varchar2);
  end YOUR_PACKAGE;
  CREATE PACKAGE BODY YOUR_PACKAGE AS
  procedure process_success(urlc in varchar2) as
  begin
  wwv_flow_custom_auth_sso.process_success(
  urlc=>urlc,
  p_partner_app_name=>'MY_PARTNER_NAME');
  end process_success;
  END YOUR_PACKAGE;
  Anything look obviously wrong to you?
  Thanks!
  Rob

• What is the difference between Session timeout and Short Session timeout Under Excel Service Application -- session management?

  Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?

  Any call made from the API will automatically be set to the “Session Timeout” period, no matter
  what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
  Short Session Timeout and Session Timeout in Excel Services
  Short Session Timeout and Session Timeout in Excel Services - Part 2
  Sessions and session time-outs in Excel Services
  above links are from old version but still applies to all.
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• Session management and java Web Service

  Hi ,
  Can I have two web services one based on Session bean and other on Simple java class, packaged into single ear file? Does NetWeaver supports web service session management/tracking? How can I get an handle to HttpRequest in my Web Service?
  Any help will be appreciated.
  Thanks in advance
  regards,
  rajinder

  Container Managed Authentication. Does everything you need.

• Session Manager not thread safe

  We are running 6.0 web server with IWSSessionManager turned on. We have the failover set to true so that we always load from the persistent store.
  We had a situation where a frame set invoked 2 requests to the application. The logic in the session manager seems to be for each request:
  1) the session is loaded from the database.
  2) the new session overwrites the session in memory.
  3) the servlet/jsp uses that session.
  4) that session is persisted.
  Now.. if only one of the requests actually modifies the session then threadA and threadB have 2 session instances which have unique objects with the same session id. The last one to complete is stored in the database. This would result in data loss. (btw.. the code in question is IWSSessionManager.getSession(String id, ServletContext context)).
  Has anyone else seen this, or have we set up something really wacky?
  Thanks!
  -- bk

  c

• Win 7 "Desktop WM Session Manager" stopped by FW CS5

  Whenever I start Fireworks CS5 it stops my "Desktop Window Manager Session Manager" thus disabling Aero in WIndows 7.
  Any clues on how to prevent this from happening??
  Everything seems to work fine elsewhere (Photoshop, InDesign, Illustrator) just Fireworks has a problem.

  This seems like an older issue.
  http://superuser.com/questions/26195/issue-with-fireworks-8-on-vista-windows-7-and-aero
  Can someone please comment if they have this happen also.
  Is there some kind of work around that anyone knows of?

• Database session management in APEX

  How is the database session managed in APEX? I found that sometimes a database session can last from page to pages in an APEX application, but sometimes every page starts a new database session.
  Is there a way to control the database session in APEX?
  Thanks,
  -Fengting

  Since HTTP is a stateless and connectionless protocol, you are not guaranteed to get the same database session between pages. APEX maintains the session state implicitly. Each session is assigned a unique identifier with APEX. The APEX engine uses the session ID to store and retrieve the applications working set of data or session state before and after each page view.
  The session information persists in the database until purged. Therefore, as long as the client's session cookie has not expired, a user can continue running the application long after having first launched it. This is also what allows a user to run multiple instances of an application simultaneously in different browser sessions.
  That being said, I think the answer to your question is that it is not necessarily going to be the same database session (but could be), nor can you control it. You should use session state.

• What's the role of jsessionids in ADF session management?

  Hi all,
  I'm fairly new to ADF and I've had a client ask me if ADF is using jsessionid consistently for sessionization.
  From a quick google search it sounds like all J2EE applications will be using jsessionids as part of their session management, and it doesn't look too difficult to access this information programmatically. Can anyone elaborate for me on what exactly jessionids are and whether they are guaranteed to exist if a session of an ADF application has been instantiated? Basically I think I know the answer to my client's question is yes, but can anyone help me understand the role of jsessionids in ADF apps and other J2EE apps?

  Hi.
  This is a basic behavior in all Java application servers, as it is mandated by the Java Enterprise Edition specification. The ID is used to match the HTTP request to its session object. Basically, the web container will add jsessionid to the URL when the session id cannot be saved in a cookie. This behavior can also be enforced through settings in weblogic.xml, for example, if you are using WLS.
  ADF is built on the top of JEE; consequently, it uses jsessionid in exactly the same way as any other Java application.
  Best Regards,
  Frédéric.

• Session management for a web service

  I am building a web service where the user will need to login and the application will need to maintain a persistent session. I am using Apache Axis2 for client/server communication via SOAP/XML. What would the simplest and most common way of doing this? I know I could implement session management from scratch similarly to how a browser does it, using cookies, but I'd rather use standard Java libraries for this. Am I correct in assuming that even though I'm using Axis2, the solution doesn't really have anything to do with Axis2 since Axis2 is basically just a way for the client/server to send messages to each other?
  I've read a lot of information online about this, but there's so much information that it's hard to know where to start. Basically I'm just looking for someone to point me in the right direction on what classes to use and so on. I just need a simple username password authentication and session management system for a web service.

  Container Managed Authentication. Does everything you need.

• Re: (forte-users) Session management for page builder(fwd)

  Jaco,
  Hope this helps,
  John
  John Soper, Information Systems Development, ITS, The University of Melbourne
  email: j.soperits.unimelb.edu.au >>>> Tel: 9344 5612---------- Forwarded message ----------
  Date: Mon, 10 Jan 2000 16:34:31 +1100
  From: Lyle Winton <L.Wintonits.unimelb.edu.au>
  To: John Soper <j.soperits.unimelb.edu.au>
  Subject: Re: (forte-users) Session management for page builder (fwd)
  Why not construct an intermediate page after the
  login page that has SESSION_UNSPECIFIED and
  a refresh META tag. The page can then refresh
  to either the login failed or login succeeded pages
  depending on how the login went! Looks like...
  1) Login page (SESSION_UNSPECIFIED)
  2A) Refresh page (SESSION_UNSPECIFIED)
  < HTML >
  < HEAD >
  < META http-equiv="refresh"
  content="0;URL=<a href=
  "http://www.blah.com/forte.cgi?PageName=3">http://www.blah.com/forte.cgi?PageName=3</a>" >
  < /HEAD >
  < BODY >
  Login succeeded. Please wait...
  < /BODY >
  < /HTML >
  2B) Refresh page (SESSION_UNSPECIFIED)
  < HTML >
  < BODY >
  Login failed.
  < /BODY >
  < /HTML >
  3) We're finally in. (SESSION_REQUIRED)
  I'm not sure if this works on internet exploder.
  Lyle.
  John Soper wrote:
  Lyle,
  (Post from forte mailing group)
  Does this make sense to you?
  John
  John Soper, Information Systems Development, ITS, The University of Melbourne
  email: j.soperits.unimelb.edu.au >>>> Tel: 9344 5612---------- Forwarded message ----------
  Date: Thu, 30 Dec 1999 07:54:24 +0200
  From: "Jaco Erasmus (home)" <jacoerasmweb.co.za>
  To: kamranaminyahoo.com
  Subject: (forte-users) Session management for page builder
  Hi everybody,
  We have a lot of legacy code making use of the page builder service to
  produce web pages. These pages were originally written without session
  management. I'm now busy adding session management to them, but there is
  one problem with this approach and I will appreciate if someone can shed
  some light on it. Here it is:
  Page one is submitted.
  Some validation (authentication) takes place and depending on the outcome,
  either page 2A (SESSION_REQUIRED) or 2B (error page with
  SESSION_UNSPECIFIED) must be displayed. In order to implement this, I
  needed a place to make a decision. The way I've done it, is to pass a
  'virtual page' (SESSION_UNSPECIFIED) to the page builder service. The
  validation is done here and request.PageName is then replaced with the
  PageName of pages 2A or 2B. The HandleRequest() method is then called
  again. The problem is that the ValidateSession() method does not get
  invoked again, thus allowing 2A through without a session. How do I make
  sure that the ValidateSession() method get invoked again?
  The approach making use of templates look to me as if it has all the means
  to do this (redirect tag), but I don't want to rewrite everything if I
  don't have to. Is there a way that a pagebuilder page can be specified by
  the redirect tag? This will definitely help, but so far I've only managed
  to call templates from the redirect tag.
  Is the template approach better suited for session management? It is
  definetely better documented...
  Regards.
  Jaco
  For the archives, go to: http://lists.sageit.com/forte-users and use
  the login: forte and the password: archive. To unsubscribe, send in a new
  email the word: 'Unsubscribe' to: forte-users-requestlists.sageit.com

  Hi,
  i hope this helps
  http://help.sap.com/saphelp_nw70/helpdata/EN/7e/aa610cc1dd8f4388b1df02fc362f0f/frameset.htm
  http://help.sap.com/saphelp_nw70/helpdata/EN/69/c250754ba111d189750000e8322d00/frameset.htm
  regards,
  Anil.