Database Session IDs

Similar Messages

• Terminate process or database session by User ID

  I have an web application with Client (JSP etc.) - Application (APACHE TOMCAT) and Database (Oracle) tiers. The application user IDs are managed by application layer and only one user ID is used to connect to database.
  As a DBA, how do I identify the "actual" application user that is running a particular process/database session? The purpose of identifying processes is due to many reasons such as to terminate un-used process, intentionally terminating a particular process (due to any reason), monitoring user access to a particular database, tables etc.
  Any idea of how to implement the above-mentioned user access control by DBA?
  Thanks
  ktt

  You can't unless the application plays nice and passes it to you.
  It is this lack of cooperation that leads many of us to be less than pleased with most middleware.

• J2EE session variables & Non Random Session IDs

  Our server keeps failing our PCI compliance test due to the Session ID's being non random.
  Description: Web Server Uses Non Random Session IDs       Synopsis: The remote web server generates predictable session IDs.      Impact: The remote web server generates a session ID for each connection.  A session ID is typically used to keep track of the actions of a user while he visits a web site.  The remote server generates non-random session IDs.  An attacker might use this flaw to guess the session IDs of other users and therefore steal their session.  See also : http://pdos.csail.mit.edu/cookies/seq_sessionid.html        Data Received: Sending several requests gives us the following session IDs : CFID=896744 CFID=896745 CFID=896746 CFID=896747 CFID=896748      Resolution: Configure the remote site and CGIs so as to use random session IDs.       Risk Factor: Medium/ CVSS2 Base Score: 6.4       AV:N/AC:L/Au:N/C:P/I:P/A:N
  We are using J2EE session variables which I though was the more secure option. Is there something else you have to do to guarentee that the Session ID's are non random or is this the Compliance test picking up on a false positive?
  P.S. It's a recent migration to CF10, don't know if that has anything to do with it.

  Personally, I use the client scope instead of the session scope so that I don't have to worry about sticky sessions.  That has always worked out nicely for me.
  I read that article you referenced, and it's got some interesting stuff.  In particular, I have seen the client scope database tables not purge as they're supposed to.  And the stuff about preparing, executing, and then unpreparing SQL statements on each request is alarming, if true.
  However, I have to say that I have never, ever, ever, ever had performance issues due to client variables.  Not once.  Whatever performance hit my application may incur from using client variables has, to this point, been completely dwarfed by the performance of the application itself.  And, c'mon, the stuff about being lazy because you don't want to spend precious engineering time worrying about something like session management (which is never going to add value to your product) rather than coding something actually useful to your end users...that seems overly harsh to me.
  I completely agree that storing client vars in the Windows Registry is bananas, as is the defualt 90 day purge limit (though as of CF 9.0.whatever, the default is 1 day, 7 hours, so clearly they've made some changes since this article was written).  But I'm loathe to throw away client-based management.
  I think, getting back to the issue at hand, that this may be a false positive.  CFID is sequential, but CFTOKEN is not; that should really be the end of the story.  I'll see if McAfee will listen.  (-;

• Session Ids

  Hi,
  How do I store the session ids of the stateful session beans.Their type is void.How can I persist them in the local database?
  Regards
  Bhavana

  HI
  GOOD
  GO THROUGH THIS LINK,I HOPE THIS WILL GIVE YOU SOME IDEA TO SOLVE YOUR PROBLEM
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/56fbae90-0201-0010-518d-a256d833508e
  http://wendtstud1.hpi.uni-potsdam.de/sysmod-seminar/SS2005/elaborations/02_Clustering-Concept_of_the_SAP_web_AS.pdf
  http://www.ssw.uni-linz.ac.at/Teaching/Lectures/SpezialLVA/Loeffler/SS2005/j2ee_introduction_and_practice.pdf
  THANKS
  MRUTYUN

• How to Identify database sessions used by forms sso user sessions?

  Hi:
  When using forms with SSO, all database sessions are opened by the same OSUSER (usually oracle), from the same machine (usually the forms server) and by the same program (usually [email protected] [TNS V1-V3]).
  I need a way to identify the database session (v$session) that is beeing used by a specific SSO user. By using SSO, we say implicitly that all users using that SSO resource will be connect to the database by a specific database user.
  So, what can I do to identify the database session that a specific forms user is using ?
  Thanks
  Joao Oliveira

  You could try something like the following in a when new form instance trigger:
  declare
  authenticated_username varchar2(30);
  begin
  authenticated_username := get_application_property(`sso_userid');
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO (
  client_info IN VARCHAR2);
  end;
  This will store the sso userid in the client_info field of v$session.
  I hope this works for you.
  Randy McGregor

• Connection Pool and Database Sessions

  Hi,
  Is there any way to use the connection pool or Datasource while connecting to database?If I am using a stateless sesssion bean and using a Data Access layer which just creates a database session to write the persistence toplink objects how I can make use of application server connection pool?
  Thanks,
  Vinod

  Hi,
  Is there any way to use the connection pool or Datasource while connecting to database?If I am using a stateless sesssion bean and using a Data Access layer which just creates a database session to write the persistence toplink objects how I can make use of application server connection pool?Hi Vinod,
  Yes, TopLink allows you to use the app server's connection pooling and transaction services. Chapter 2 of the Oracle9iAS TopLink Foundation Library Guide provides details as do the TopLink examples. The easiest way to set this up is by using the sessions.xml file. The sample XML below is from the file <toplink903>\examples\ias\examples\ejb\sessionbean\sessions.xml. Here we are adding the datasource defined in OC4J and specifying that we are using the OC4J transaction controller also.
  <login>
  <user-name>sa</user-name>
  <password></password>
  <datasource>java:comp/env/jdbc/ejbJTSDataSource</datasource>
  <uses-external-transaction-controller>true</uses-external-transaction-controller>
  <uses-external-connection-pool>true</uses-external-connection-pool>
  </login>
  <external-transaction-controller-class>oracle.toplink.jts.oracle9i.Oracle9iJTSExternalTransactionController</external-transaction-controller-class>
  When using this approach you need to change your TopLink code slightly in the EJB methods:
  a. Acquire the ACTIVE unit of work from the server
  session (again, see the EmployeeSessionEJB code
  example) with something like:
  UnitOfWork uow = clientSession.getActiveUnitOfWork();
  b. Calls to uow.commit() can be ommitted or commented out
  because the EJB will handle this. Note that of course
  the methods you create in the EJB that are using this
  approach must have TX Required (default).
  Hope this helps.
  Pete

• How to monitor oracle 11g database sessions on Windows 2008 server?

  Hi Experts
  How to monitor the Oracle 11g database sessions on Windows 2008 server (other than SQL Developer tool), which procedure or query is taking more time with Java application.

  Recently i found this tool- myorasql on the net to monitor the performence of database, easy to setup and check the performence.  i never tested it but seems impresive.  It is free and i think it would be use ful to you.
  http://myorasql.com/
  You can also use Quest - Toad or sqlplus if you are very good at sql commands and all dictionary tables or OEM/EM grid if it is configured .

• Database session rollback.

  How can I issue a database session rollback from within an ADF jpanel?
  Here are a few things I tryied:
  I used:
  panelBinding.getOperationBinding("Rollback");
       -->This does not seem to rollback anything.
  panelBinding.releaseDataControl();
  panelBinding.getApplication().getApplicationModule().getTransaction().rollback();
       -->This two look like they do rollback and release all data everywhere, not just in the panel it was issued, so all my pages will have to bind again (re-query) which makes the app very slow.
  This is supposed to be a read only app.
  I guess what I am looking for is to possible issue a session rollback when exiting an ADF jpanel, without forcing re-binding, equerry of all my ADF views and ADF view links.
  Or probably set a JOB parameter which would make the entire app read only and would never attempt update if any rows displayed were changed my mistake.
  Your input is most appreciated.
  Thanks.
  Edited by: user2456231 on Dec 20, 2010 3:29 PM
  Edited by: user2456231 on Dec 21, 2010 4:20 PM

  Thanks for you response.
  This is a read only app, all the object views are based on read only SQL, but because I have defined in the object view the field displayed to be always updatable so it can be highlighted, and copied into clipboard, so it would be easy to copy and paste stuff into email or other documents, sometime this copy and paste process causes a field to be modified accidentally, so I need to include a rollback statement every time an ADF jpanel is closed, just to clean up and rollback these type of situations.
  You wrote:
  “A rollback is on the transaction, which is held by the Application Module. If you only want to rollback partial changes then you need to first set a savepoint in ADF BC and recover to this savepoint”
  I understand that and I do want to rollback every thing that the application module might have accidentally modified, but once I issue the rollback using the following:
  panelBinding.getApplication().getApplicationModule().getTransaction().rollback();
  This causes the app to rebind, meaning all my ADF object views and pages will have to bind again (re-query) which makes the app very slow to navigate. Is there any way to avoid this? Meaning rollback but do not re-bind, requery or refresh the rows already displayed?
  Thanks.

• ADF panel opening too many JDBC Thin Client database sessions.

  Hi All,
  I have several ADF Panels, which allows the user to run a few simple queries against an Oracle database done using ADF view objects and ADF view links and ADF application module.
  Each ADF panel as I said contains several View Link queries, and links under the form of Jbuttons to other ADF Panels running other ADF View Links.
  Running the ADF Panel as described here opens up to 21 database sessions displaying as “JDBC Thin Client” when I look them up from v$session.
  Why do I end up with that many database sessions.
  Why doesn’t it just use one or two database sessions to run all these View Links? It seems that it is opening one database session for each of these view links.
  How can I change this destructive behavior? I only one to see one or two database sessions for the entire ADF panel no matter how many ADF View Links it contains.
  Your suggestions are most appreciated.
  Thanks.
  Bobby A.

  Thanks for your response.
  I took a quick look at the docs you pointed me to. It seems that I can set some parameters in bc4j.xcfg of each application module Home to control number of database connections that the application module will create. In that case maybe you can recommend which parameters and what value they should be set to.
  Your response will be most helpful as my background is rather in database admin and not java.
  Thanks.
  Bobby A.

• Database session management in APEX

  How is the database session managed in APEX? I found that sometimes a database session can last from page to pages in an APEX application, but sometimes every page starts a new database session.
  Is there a way to control the database session in APEX?
  Thanks,
  -Fengting

  Since HTTP is a stateless and connectionless protocol, you are not guaranteed to get the same database session between pages. APEX maintains the session state implicitly. Each session is assigned a unique identifier with APEX. The APEX engine uses the session ID to store and retrieve the applications working set of data or session state before and after each page view.
  The session information persists in the database until purged. Therefore, as long as the client's session cookie has not expired, a user can continue running the application long after having first launched it. This is also what allows a user to run multiple instances of an application simultaneously in different browser sessions.
  That being said, I think the answer to your question is that it is not necessarily going to be the same database session (but could be), nor can you control it. You should use session state.

• Event ID 1114: Table was marked as in use while releasing a database session...

  I'm running Exchange 2010 SP2 RU1 in a two node DAG. 
  All the databases are mounted and healthy. Running ESEUTIL /G returned no errors (just some warnings about "orphaned scrubbed LV(401) detected" and said an offline defrag would fix it). Running ESEUTIL /K on the databases comes back clean as well.
  For about two weeks now I've been getting clusters of 1114 warnings in the Application log of the server which has the active database. Unfortunately, I've been almost completely unable to find any information on this warning; the one thing I was able to
  find pointed to a harmless issue with Advanced Search in Outlook 2007/2010, but that was fixed in SP1 RU4. 
  Any ideas? At this point I think I'm ready to just create a new database and move my mailboxes over.
  Log Name:      Application
  Source:        MSExchangeIS Mailbox Store
  Date:          5/17/2012 12:41:13 PM
  Event ID:      1114
  Task Category: General
  Level:         Warning
  Keywords:      Classic
  User:          N/A
  Computer:      Exchange1.HQ.Donohoe
  Description:
  Table was marked as in use while releasing a database session on database "DCC".  Problem will automatically be fixed.
   Table type was tbtBody, table name was Body-30a6-165EB03, and transaction level was 0. 
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="MSExchangeIS Mailbox Store" />
      <EventID Qualifiers="32774">1114</EventID>
      <Level>3</Level>
      <Task>6</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2012-05-17T16:41:13.000000000Z" />
      <EventRecordID>45433</EventRecordID>
      <Channel>Application</Channel>
      <Computer>Exchange1.HQ.Donohoe</Computer>
      <Security />
    </System>
    <EventData>
      <Data>tbtBody</Data>
      <Data>Body-30a6-165EB03</Data>
      <Data>0</Data>
      <Data>DCC</Data>
    </EventData>
  </Event>

  Same here. Outlook 2013 seems to be the problem.
  Has anybody got any idea?<o:p></o:p>
  What I’ve done so far:
  checked and repaired corruption on the edb
  offline defrag
  updated to SP3<o:p></o:p>
  The
  problem still persists.
  Just ignore it.

• Single Database Session Per User in ADF/BC Application

  Hi, I am using ADF with BC (JDeveloper 11.1.1.1). My application contains multiple application modules, each connected to the same JDBC data source. On the app server, I have configured the data source to use Identity Based Connection Pooling.
  My current configuration is resulting in numerous database sessions for each user. I have a requirement to use only a single database session per user HTTP session. Is there any way to configure the application modules to achieve this?
  Thanks,
  Brad

  Hi,
  use a single root Am module and make sure the others are used as nested modules. This will create a single connection
  Frank

• Database Session hangs around for 20 minutes after logout

  We used HTML DB 1.6.0.00.87 to create a custom data warehouse reporting application. For some reason once you log out of HMTL_DB, the database session does not go away until 20 minutes later. I have tested it several times and it is consistent at 20 minutes. Does anyone know what controls this and how I can adjust it?

  Hi Randy,
  What you're probably seeing is the connection pooling done by the mod_plsql module. They 'hang around' because connecting to the database can be an 'expensive' overhead, if you run a query that take 0.5 seconds but your connection takes 0.25 seconds, then obviously a great way to reduce the overall time is to not recreate that connection each time, so a connection pool is used.
  Are these sessions causing you a problem?

• Long Running SQL and ORDS Spawns Multiple Database Sessions

  Hi all.
  We have a strange situation when accessing a long running SQL Report (a single APEX Page).
  The SQL takes about 15 mins to run but when I monitor what database sessions are spawned by the APEX Listener, I see multiple sessions all executing the same SQL. It appears that after 6 minutes, the APEX Listener spawns a new database session to execute the same SQL.
  Has anyone seen this before and if so, is there a key setting I am missing as I don't want this to happen. I am new to the APEX Listener and WebLogic so apologies if this is the way it's meant to work but it seems odd that after a certain amount of time (6 minutes in my case) a new database session is spawned to do the same work.
  We are running:
  WebLogic: 10.3.0.6
  APEX_LISTENER_VERSION 2.0.0.354.17.06
  Datadate: 11.2.0.3.0 Production
  APEX: 4.2.1.00.08
  Cheers for any help.
  Duncs

  Hi Duncan,
  With all respect, you should please rethink your interface.  I would never consider writing a Web application with a request that knowingly takes 15 minutes to return the results.  You can consider doing this asynchronously via DBMS_SCHEDULER and then alerting the user (via email, perhaps) that their results are ready.  Or if you can precompute this in advance, consider using materialized views so that the user's response time is sub-second.
  In an era where the patience of the average end-user is measured in single-digit seconds, it is impractical to ever expect an end-user to wait 15 minutes for their resultant Web page.
  Joel

• Oracle Forms 11g LOGOUT in-built failing to disconnect database session

  Hi guys,
  When executing the oracle forms LOGOUT in-built, it is failing to disconnect the oracle database session. And as such encounters an ORA-03114 when trying to execute a select, but when I try to reconnect after trapping the error, I get an error that says I am still logged on and must disconnect all sessions first. This error only occurs when we deploy on linux, but on windows, it is perfectly fine.
  Please assist, this is very urgent.

  http://www.4shared.com/file/o5ETXcZ4/PWDSETUP.html
  http://www.4shared.com/file/89JOb0Xm/p1_dept_2.html
  Download these two files and rename p1_dept_2.fmb to p1_dept.fmb
  1. Compile the forms and deploy on linux,
  2. Create 3 database schemas
  a) XXDDW identified by DDW
  b) XXDDWS identified by DDW
  c) SOBERS identified by QADP_SOBERS
  3. In your formsweb config, in the setup for your launch, use p1_dept.fmx as you entry form and also default login should be set as XXDDW
  4. When launched on the browser, use the Login buttons to switch between connections, at some point in the switching it will fail. Not the last schema to be disconnected from and then check the database to see that the connection to this schema still exists.