BC4J cleaning up after session timeout

Similar Messages

• Error re-logging in after session timeout using form-based authentication

  Hello,
  We have a web app configured for form-based authentication. When the session times out, we're redirected to our login page as expected. However, after re-logging in, we are not redirected to the desired page (e.g., /faces/OurMainPage.jspx) but to /afr/page_lev_idle.gif.
  Do we have to do anything special for session timeouts?
  Thanks,
  Rico

  Some extra information that might help:
  After re-logging in and we're in /afr/page_lev_idle.gif, we hit the browser Back button (showing the login page again) and then hit the browser Refresh/Reload button and voila we're at the page we expect to be.
  Rico

• OO4O process never killed/clean up after session=NULL

  After session object is set to NULL, still the oracle processes are in memory, never cleaned up. Does require any special methods to kill the process.
  dbObject.Close(); // called
  dbSession = NULL ; // set session object to null
  Oracle processes are still in memory and crashes server.
  Using Oracle ver 8.1.7/OO4O 3.15
  What is wrong here?
  Anyone came across similar issues..

  Have you tried to remove all OraParameters after stored procedure call and before assigning null to session?
  Otherwise there may be circullar references between OraDatabase and OraParameter causing memory leak after releasing your reference to OraSession.

• SSO not accepting username and password after session timeout

  Dear Charan,
  We have the same issue after ATG upgrading from 12.1.1. to 12.1.3, Users are facing the same error.
  Error:  The application you are trying to access requires you to sign in again even if you have signed in previously.
  Sign In
  I have set "inactivity period to 0" instead of 15 min, but did not disable the GITO.
  After upgrade I did not de-register/register the SSO, does it requires?
  Please advise if you have resolve this issue.
  Regards,
  Ravi Purbia

  Dear Helios,
  I have raise the SR and they asked me to follow the same document 1303564.1 solution 1, solution 2, solution 3, but it does not help still the issue is exist, users are upset to re-login issue.
  Dear Charan,
  Did you resolve this issue, please guide us.
  All I have done is Oracle Apps12.1.1 upgraded to 12.1.3 and my OID/SSO version 10.1.4.3.
  Appriciate if anybody can help me on this.
  Regards,
  Ravi Purbia

• Handle Session Timeout

  I am using JDeveloper 11.1.1.6.
  I am trying to gracefully handle session time outs in ADF. My application has been experiencing the 'canned' ADF session timeout popup when I am logged into my application and the session has timed out. That same popup is rendered even if I am sitting at my login page but haven't signed in.
  I have followed Frank Nimphius's guidance as explained in the following forum to have my application re-direct to the login page after session timeout. That works great thanks to his well detailed document.
  ADF Faces : session timeout best practice
  The concern I have now is if I am sitting at my login page and my session times out, the application stays at the login page. I now type my credentials and click log in. Because the application thinks my session is timed out, I am taken back to the login page. Ideally I wouldn't think the login page would hold a session. Do you have any guidance on how I can get around this.

  Hi,
  what about using programmatic login, in which case the login form is part of a public page (see http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html for an example you can download)
  Frank

• Session Timeout in weblogic 6.1 SP3-- Urgent

  Hi
  We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
  What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

  What is the heap size ? How many useres are hitting the system ? What is the approx size of the session? Turn on -verbose:gc and monitor the GC activity. Are the sessions really inactive ?
  Make the timeout 30 secs and the InvalidationIntervalSecs to 20 secs and see if it makes a difference.
  If you still have the same results attach the pofiler trace here. A test case would be good too.
  Rakesh Aggarwal wrote:
  We are running a J2EE servlet in Weblogic 6.1 SP3 on Windows NT. The test client to this servlet opens a new Http session on every request.
  The server containing the servlet does not seem to be releasing memory associated with the session. The server eventually runs out of memory due to this. We verified this with a profiler tool. It shows Strings allocated with ServletRequestImpl.getSession() (weblogic.servlet.internal.session.RSID.getID()) not freed. We have set the session invalidation timeout to 1 min using:
  1) session-timeout=1 in web.xml,
  2) TimeoutSecs=60, InvalidationIntervalSecs=60 in weblogic.xml for the web-app containing the servlet.
  We have also tried setting session.setMaxInactiveInterval(60secs) for the servlet. The latter setting does seem to work as verified from a UI client. We are wondering whether weblogic server is not cleaning up the session even after invalidating it.
  We are not saving any reference to the Http session in our servlet. So we would think that the weblogic server should cleanp the inactive session after 1 min according to the above setting.
  Any help regarding this will be sincerely appreciated. Thanks.
  -Rakesh--
  Rajesh Mirchandani
  Developer Relations Engineer
  BEA Support

• Portal Session Timeout Setting

  There is a JServ session and a portal session. I know how to control session timeout and session clean up frequency in JServ - that's in zone.properties. But, I dont know how to set timeout for portal session, i.e., I'd like to have the user be forced to login again when he has been idle for 15 mins - and only if he has been idle. Jserv session settings are not sufficient for this because Portal has it's own session that must time out.
  How to set this timeout value (I'm using my own provider which has a timeout setting in zone.properties and includes a bunch of JSP portlets)? Also, is there a clean up thread for which the frequency has to be set?

  I've contacted metalink weeks ago, and this is NOW, a know bug...
  Incredible... Oracle just DO NOT TEST their products... Even a simple SESSION timeout do not work. Also, if I click back after "I log In and Log out" ... Session still up without have to login again!
  BUG 2442268

• Sso session timeout per partner application

  Hello,
  I was just wondering if it is possible to configure SSO session timeouts per partner application? I'm looking to log out users of a particular application after 15 minutes, but don't want this change to affect any of my other SSO enabled applications. Is this possible?
  Thanks,

  Hi,
  I do not think so, you can not specify specail parameter for one application in SSO.
  Why because SSO is one component (within your Infra) through which you logon different apps.
  Another solution may be it will expensive is that you 'll need to use different infra for this specific application.
  Regards,
  Hamdy

• OAM Session timeout

  Hi All,
  I have the following set up configured.
  1)Deployed a web application in a plain(non oim suite related) weblogic domain
  2)Installed OHS,OAM,OIM and OUD
  3)Configured OHS,OAM,OIM and OUD for SSO in OAM with the external URL from the independent weblogic domain
  4)Independent Weblogic domain is configured with OAMIdentityAsserter and OUD Authentication provider
  My query is as below.
  I have the session time out value configured as 600(seconds) in weblogic.xml of the web application.
  Now when the access the web application through OHS SSO URL, the session is not waiting for 600 seconds to timeout,but getting invalidated in around 30 seconds.
  How to resolve this issue.
  Please advice.
  I have the following configured in OHS proxy.
  <Location /bc>
  SetHandler weblogic-handler
  WebLogicHost ZZZZZZ.oracle.com
  WebLogicPort 9001
  </Location>
  firebug show the following URL getting hit just after the session invalidation http://ZZZZZ.com/oam/server/obrareq.cgi?encquery%3DHBGRZNUhr5Ucxs
  and the following error gets logged in oam server
  "Session invalid as returned by CHECK_VALID_SESSION_RESPONSE responseEvent fail>"
  Kindly suggest.
  Thanks,
  Praveen

  Verify whats session timeout value present in below config:
  http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/session.htm#AIAAG354
  To edit the OAM common session settings:
  Log in to Oracle Access Manager.
  Click System Configuration.
  From the Common Configuration panel, double-click Common Settings.
  In the Session area:
  In Session Lifetime, increase the current value.
  In IdleTimeout (minutes), increase the current value.
  Click Apply.
  ~J

• Re: [iPlanet-JATO] Re: session timeout when not submitting to a handler

  Mark--
  I know what's happening here, but am curious about your approach. You said
  in an earlier email that you were generating links directly to JSPs, but
  from what you are describing, you are generating JATO-style links to access
  JATO pages. Nothing wrong with that, but there is a signficant difference.
  Actually, it just occurred to me, I'm wondering what your URLs look like.
  The way the request dispatching works in JATO is it ignores anything after
  an initial "." in the final part of the URL path. For example, a request
  for "/myapp/module1/MyPage.jsp" doesn't actually try to hit the JSP, instead
  it tries to hit the JATO page "/myapp/module1/MyPage".
  The end result is that you may think you are accessing a JSP directly, but
  are instead accessing a JATO page. The reason the request dispatching works
  this way is because it is illegal to access JATO JSPs directly, and there is
  actually a (disabled) JATO feature that piggybacks on the use of the
  dot-delimited URL.
  So, now I need to understand your intent. I wasn't really sure why you were
  generating direct JSP/page links to begin with. This works against the Type
  II architecture JATO uses, in which all JATO requests go back to the
  controller servlet.
  If you are trying to design something like a menu page, you may have thought
  that it was burdensome to create a number of HREF children, plus implement
  event handlers for each of them. This definitely would be burdensome beyond
  just a handful of links, but this is why JATO provides other mechanisms for
  doing what I'll call here "polymorphic HREFs".
  Assuming this menu page scenario, the easiest thing to do is to simply use
  one HREF child on the page, and add a value to it each time it is rendered
  that distinguishes it from the other instances on the page. In your event
  handler for the HREF, you simply check this value and use it to decide which
  page to forward to. You can add a value to an HREF or Button by using the
  "addExtraValue()" method. Or, if you are using JATO 1.2, you can add extra
  query string NVPs right in the JSP document using the "queryParams"
  attribute of the <jato:href> tag. Thus, your one HREFchild and event
  handler become "polymorphic" because what they do depends on the context in
  which they are invoked.
  Now, I still don't have confirmation that this is what you were trying to
  do, so until I do, let me explain the exception you're seeing. JATO assumes
  that when a request comes in for a page that includes the pageAttributes
  NVP, it is a request coming from a previously generated JATO page. Because
  of the way JATO works, this means that the request dispatching code should
  send the request back to the originally rendered page. For example, if Page
  A renders an HREF, which the user then activates, JATO sends the request
  back to Page A for handling. All of the HREFs and forms generated during
  rendering of Page A actually refer back to Page A, regardless of where those
  links or buttons actually pass the request in their event handlers/Command
  objects.
  So, what's happening when you include the pageAttributes in your HREFs is
  that JATO is assuming that a request is being sent to the target page, with
  the assumption that the target page has a mechanism in place to handle the
  request. This assumption relies on the specification of the "originator" of
  the request being specified in the request. For links/HREFs, the name and
  value of the HREF is sent along with the request. For forms, the name and
  value of the button that was pressed are sent in the request. JATO uses the
  presence of these name/value pairs to decide which event handler, or which
  Command object, to invoke to handle the request.
  The exception you are receiving is saying that there was no object on the
  target page that indicated it could handle the request. This is to be
  expected, since you have not specified a query parameter that indicates
  which CommandField child is responsible the request. However, this is where
  I see the disconnect, because that is not what I believe you were trying to
  do (as explained above).
  So now, given all the information above, can you tell me what you're trying
  to accomplish, and whether or not the info I've given you has helped you to
  design a mechanism more in line with a JATO approach? If not, given that I
  understand what you're trying to do, I can offer a more concrete solution.
  Todd
  ----- Original Message -----
  From: <Mark_Dubinsky@p...>
  Sent: Monday, November 05, 2001 2:54 PM
  Subject: [iPlanet-JATO] Re: session timeout when not submitting to a handler
  This is the exception we get:
  (And BTW, leaving a blank value for the pageAttributes doesn't help)
  [05/Nov/2001 17:49:18:4] error: <portalServlet.processRequest>
  javax.servlet.ServletException: The request was not be handled by the
  specified handler
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at
  javax.servlet.ServletException.<init>(ServletException.java:107)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.dispatchRequ
  est(Compiled Code)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.processReque
  st(Compiled Code)
  at
  com.putnaminvestments.bp.portal.portalServlet.processRequest(Compiled
  Code)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.doPost(Compi
  led Code)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.doGet(Compil
  ed Code)
  at javax.servlet.http.HttpServlet.service(Compiled Code)
  at com.putnaminvestments.bp.bpServletBase.service(Compiled
  Code)
  at javax.servlet.http.HttpServlet.service(Compiled Code)
  at
  com.netscape.server.servlet.servletrunner.ServletInfo.service(Compile
  d Code)
  at
  com.netscape.server.servlet.servletrunner.ServletRunner.execute(Compi
  led Code)
  at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
  at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Compiled Code)
  at java.lang.Thread.run(Compiled Code)
  --- In iPlanet-JATO@y..., "Todd Fast" <Todd.Fast@S...> wrote:
  Mark--
  Initially we tried to add the pageAttributes NVP as well, but that
  was
  causing an exception, so we stopped doing that.That's odd--what was the exception?
  Our problem now is that when the SessionTimes out it does not go
  to
  onSessionTimeout method as in processRequestMethod of the
  ApplicationServletBase it looks for pageAttributes. If it is notnull
  then only onSessionTimeOut method is called.This is sadly the only technique for determining if a session hastimed out
  and a new one been created, versus the initial creation of thesession.
  Is there any work around for this? Maybe you can suggest how topass
  the pageAttributes without causing the initial exception?Definitely--let me know what the exception was and I'll be able tosuggest
  something. However, it shouldn't really be any harder thanappending a
  "jato.pageAttributes=" empty NVP on the HREF.
  Todd
  Todd Fast
  Senior Engineer
  Sun/Netscape Alliance
  todd.fast@s...
  For more information about JATO, please visit:
  http://developer.iplanet.com/tech/appserver/framework/index.jsp

  OK, here's what I'm trying to do: We have, like you said, a menu
  page. The pages that it goes to and the number of links are all
  variable and read from the database. In NetD we were able to create
  URLs in the form
  pgXYZ?SPIDERSESSION=abcd
  so this is what I'm trying to replicate here. So the URL that works
  is
  pgContactUs?GXHC_GX_jst=fc7b7e61662d6164&GXHC_gx_session_id_=cc9c6dfa5
  601afa7
  which I interpreted to be the equivalent of the old Netd way. Our
  javascript also loads other frames of the page in the same manner.
  And I believe the URL-rewritten frame sources of a frameset look like
  this too.
  This all worked except for the timeout problem. In theory we could
  rewrite all URLs to go to a handler, but that would be...
  inconvenient.

• Session Timeout

  I am trying to update/get new apps in iTunes for my iPhone.
  Before downloading, I am prompted to accept the new terms & conditions. After clicking accept, I get a timeout message:
  Session Timeout
  Your session has timed out. Please try this operation again from the beginning.
  I have tried this on a MBP at work, my iMac at home, and even directly on my iPhone, each giving the same message - over the course of this afternoon and evening. I have tried restarting, software updates, etc.
  Is there anywhere else I can go to accept these terms and get access to paid downloads again?
  C.

  I had the same problem trying to update my Touch iPod. While I was billed for the $9.95 fee, my connection was interrupted multiple times with the Session Timeout error message. The download does not show in my purchase history and nothing is showing up in 'Available Downloads' in iTunes. How do I either 1) get my money back or 2) get access to the download that I purchased?
  sdalek

• 'Session timeout" appears when creating account

  I am trying to create an iTunes account because I bought an iTunes gift card. Every time I try to create an account in the Music Store, and straight after I have accepted the terms and conditions, a screen comes up saying "Session timeout". I have never even logged in before and no one on my computer ever has. I have downloaded the newest version of iTunes, and done all the relevant connectivity tests etc. What can I do??

  Sorry, figured out my error: on the authentication page for session verify function I had to specify:
  return session_timeout;
  Then it worked as expected. Verified the cookie by creating a pl/sql region to fetch the cookie value and display on the page.

• Session Timeout Setting in Business Intelligence Platform 4

  Greetings.  We are using Business Intelligence Platform 4 SP 2.5.  We use LDAP authentication for logging in to the CMC, BI Launchpad, and Lifecycle Management console.  Our sessions expire after 10 minutes (of either activity or inactivity).  I haven't been able to find the setting that controls the timeout.  Does anyone know?
  Thank you in advance,
  Dave

  Hi Dave,
  TO make the change for the timeout we need to navigate to following location:
  1. Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF
  2. Open the web.xml. Search for the "session-timeout" and change the value to as per your requirement.
  3. This change would take effect on both CMC and BI LaunchPad.
  4. Restart the Tomcat.
  At <INSTALLDIR>\Tomcat6\conf\web.xml change 30 to 60:
      <session-config>
          <session-timeout>60</session-timeout>
      </session-config>
  Regards,
  Sonia

• Session Timeout Alert + login page has changed

  Hello,
  We recently updated our SAP CRM 7.0 from EHP1 to EHP3.
  Since than we get this "Session Timeout Alert" error and it is very annoying.
  I've changed the rdisp/plugin_auto_logout parameter to 7200 s but the session is still ending after about 10min.
  On EHP1 we didn't had this problem.
  Also it seems that the login page has changed because the username and password is not saved anymore and we need to introduce them every time we log in.
  Please help to solve these problems.
  Thanks!

  Hi Sudhir,
  My issue is also not solved!
  The server restart was only another possible solution.
  Very annoying!
  Still searching....
  BR

• Session timeout skillbuilders question

  Application security attributes settings
  Session Timeout  Maximum Session Length in Seconds   60
  On session timeout direct to this URL   <url>
  Maximum Session Idle Time in Seconds   45
  On session idle time timeout direct to this URL   <url>
  Session timeout component settings
  Name: SkillBuilders Session Timeout (1.0.1) [Plug-in]
  *Session Timeout Action  Alert
  *Session Timeout Message  Application will timeout shortly
  *Mask Browser Screen on Timeout  No
  *Session Idle Warning  Yes
  *Session Idle Title      Idle message Warning ( I cannot see this displayed but when I copied that area this came)
  *Session Idle Message    This application session will expire shortly! If you want to continue working please click ok on the alert.
  *Show Warning Seconds Before  40
  *Keep Session Alive           Yes
  So the moment I start my application and the login page is displayed i get the idle message displayed on the screen.  So my application should timeout in 1 minute. I should be alerted after 45 seconds.
  Are the settings correct?
    Murali

  Please keep in mind that maximum session length and idle time are two different things. The following configuration should satisfy your requirements
  Configure the following application attributes:
  "Maximum Session Length in Seconds" =  ??? -- you did not specify how long your session can last, if left blank it will revert to the instance level setting which defaults to 8 hours
  "Maximum Session Idle Time in Seconds" = 10800 -- the maximum amount of time the user as to interact with the server again
  Configure plugin settings:
  "Session Timeout Action" = ALERT
  "Session Timeout Message" = <your message>
  "Session Idle Warning" = Yes
  "Session Idle Title" = <your title>
  "Session Idle Message" = <your message>
  "Show Warning Seconds Before" = 900 -- 15 min x 60 seconds
  "Keep Session Alive" = Yes -- this will renew the session if the user interacts with the idle warning
  Please let me know if you have any questions.
  Good Luck!
  Tyson