Disable user and session tracking?

Similar Messages

• Disable non-SSL session tracking?

  Hi, all,
  I wonder if one can disable all session tracking in JSP's whenever SSL is not being used? I would like to turn off all cookie-setting and URL-rewriting and use SSL-session tracking only (if I use session-tracking at all on a given page). I also want to specify this behavior programmatically (inside my JSP's) and not in my server's config files.
  I'm basically concerned that if my user leaves one of my HTTPS pages, they will still retain a non-secure cookie with their session information. This seems to be indeed the default behavior: when I run my tests and transition from an HTTPS page to an HTTP one, the browser does store a cookie. I know I can invalidate the session as the next step, but I'd rather have the cookie not being set altogether to begin with. Imagine the situation where the user leaves my HTTPS page for a totally different (HTTP) website: in this setting I won't get a chance to invalidate the session and delete the cookie.
  Any ideas, therefore, on how to programmatically disable non-SSL session-tracking?
  Thanks,
  Dmitri.

  I don't think you can do this programatically.
  However I also don't think it is a problem.
  Cookies are related to zone names aren't they?
  http://mysite and https://mysite are two different
  zones as far as cookies are concerned. One should
  not be able to see the other.
  It issues a new cookie for the http site you are just
  navigating to. That cookie has nothing to do with
  the secure site you just came from, and shouldn't be
  able to tell them any info about the secure site.
  I think you are worrying about something that isn't
  really there.
  What is your concern? That they pick up a JSESSIONID
  from the cookie and can then pretend to be a
  different user?Yes. A cookie is transmitted and stored unencrypted, I imagine (in any case, it should be more easily crackable than SSL). I wish Sun came up with an extension to the Session API where you would be able to explicitly specify which session-tracking protocols you want used and which ones you don't. At the moment their API abstracts and manages too much detail for you.
  I mean, if my site is supposed to be secure while I'm using SSL, then you'd expect that no information about those secure sessions should leak outside the SSL protocol, wouldn't you say?

• Upload file with iframe loos session user and session id in wwv_flow_files

  Hello every one, hope someone could help us with this problem.
  What we are trying to do is to upload a file from a jquery dialog in a appex page by redirecting the POST action of the wwvFlowForm to the iframe.
  *1. In the javascript there is the function call to open my modal window with the input*
  function add_fichier_form(numeroProjet,idCat){
       $("#div_upload_fichier").dialog(
                  modal : true ,
                  autoOpen : false ,
                  resizable: false ,
                  width: 700         
         $('#div_upload_fichier').parent().appendTo('#div_base');
        $('#upload_button').unbind('click').click(function(){           
            if ($('#P4010_FILE_FICHIER').val() != '') {
                 $('#upload_iframe_v2').unbind('load').load(function () {
                      $('#upload_status').html(' déplacement du fichier...');
                      // move the file
                      $('#upload_status').html('Fichier transféré avec succès');
                      //file transfer ok
                      //calling the javascript function to add everything in my own table;
                                   //we see the file in the  wwv_flow_file_objects$ without
                       add_fichier_form_db();
                 // set the form target to the iframe, submit, then remove the target
                 $('#wwvFlowForm').attr('target','upload_iframe_v2').submit().removeAttr('target');
                 $('#upload_status').html(' Téléchargement du fichier...');
            }else {
                 alert('Veuillez sélectionner un fichier');
       $("#div_upload_fichier").dialog("option", "title", "Ajout d'un fichier");
          $("#div_upload_fichier").dialog("open");
         }*2. At this point we see the file in the table but without the user and session credential*
  select *
      from wwv_flow_file_objects$
  The result is that the field security_group_id is assign to 0 AND created_by = APEX_PUBLIC_USER
  *3. add_fichier_form_db(); the javascript function making the ajax call to a procedure plsql*
  function add_fichier_form_db(){
           //alert ('Dasn fichier form db');
       vNumeroProjet = document.getElementById('P4010_CAT_NUMERO_PROJET').value;
       vIdCat = document.getElementById('P4010_CAT_ID').value;
       vFichierNom = document.getElementById('P4010_NOM_FICHIER').value;
       vFichierDesc = document.getElementById('P4010_DESC_FICHIER').value;
       vFichierFile = document.getElementById('P4010_FILE_FICHIER_NAME').value;
       var ajaxRequest = new htmldb_Get(null , 300, 'APPLICATION_PROCESS=ADD_FICHIER_FORM_DB', 4010);
       ajaxRequest.add( "P4010_CAT_NUMERO_PROJET", vNumeroProjet);
       ajaxRequest.add( "P4010_F_CAT_ID", vIdCat);
       ajaxRequest.add( "P4010_FICHIER_NOM", vFichierNom);
       ajaxRequest.add( "P4010_FICHIER_DESC", vFichierDesc);
       ajaxRequest.add( "P4010_FILE_FICHIER_NAME", vFichierFile);
        var gReturn = ajaxRequest.get();
       if (gReturn){
            $x("getlistfichier").innerHTML = gReturn;
            closeForm();
       }else{
            alert ('Problèmes dans le call Ajax ADD_REPERTOIRE_FORM_DB \n La valeur retournée est: \n' + gReturn);
  }*4. PLSQL PROCEDURE *
  h1. WHEN the query is executing it's return ORA-01403: no data found. WHY ????
  PROCEDURE P_ADD_FICHIER_FORM_DB(
              P_NUMERO_PROJET number,
              P_CAT_ID number,
              P_FICHIER_NOM varchar2,
              P_FICHIER_DESC varchar2,
              P_FILE_FICHIER_NAME in varchar2)
  AS
    vNumeroProjet number;
    vFichierNom varchar(255);
    vFichierDesc varchar(2000);
    vCatId number;
    vActif number;
    vDocSize number;
    vNomUsager varchar(10);
    vDateCreation date;
    vFichierTypeId number;
    vNomReel varchar2(1000);
    vNomReel2 varchar2(1000);
    vCurVal number;
    BEGIN
      SELECT FILENAME,DOC_SIZE,CREATED_ON
      INTO
      vNomReel,vDocSize,vDateCreation
      FROM WWV_FLOW_FILES
      WHERE FILENAME = P_FILE_FICHIER_NAME;
  /*GET ERROR sqlerrm:ORA-01403: no data found */
    END P_ADD_FICHIER_FORM_DB;h4. hope someone help us soon
  Thanks in advance
  jocelyn

  Finally we find what was wrong so i give you the solution.
  In the javascript on the function add_fichier_form
  We need to append the div of the form to the default form of apex wwvFlowForm
  so the line*
  $('#div_upload_fichier').parent().appendTo('#div_base');
  should be change to*
  $('#div_upload_fichier').parent().appendTo('#wwvFlowForm');Edited by: jocbed on 2012-01-26 11:08

• Oracle portal and session tracking

  Friend I am working in JDeveloper in my PC and my statements in with setAttribute and getAttribute does work ,but the same statement doesn't work when I use this jsp as my portlet.The error is given below.So portal doesnot support this method's ?
  Method getAttribute(java.lang.String) not found in interface javax.servlet.http.HttpSession.
  OConnect = (Connect)Session.getAttribute("OConnect");
  Method getAttribute(java.lang.String) not found in interface javax.servlet.http.HttpSession.
  OMainMenu = (MainMenu)Session.getAttribute("OMainMenu");
  Method setAttribute(java.lang.String, ccrspackage.Connect) not found in interface javax.servlet.http.HttpSession.
  Session.setAttribute("OConnect",OConnect);
  Method setAttribute(java.lang.String, ccrspackage.MainMenu) not found in interface javax.servlet.http.HttpSession.
  Session.setAttribute("OMainMenu",OMainMenu);
  please help
  Note : below is my jsp code as it is.
  **************my jsp code**************
  <%@ page contentType="text/html;charset=WINDOWS-1252"%>
  <%@page import = "oracle.portal.provider.v1.*, oracle.portal.provider.v1.http.*, oracle.portal.utils.v1.*, java.sql.*, ccrspackage.*" %>
  <HTML>
  <HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=WINDOWS-1252">
  <META NAME="GENERATOR" CONTENT="Oracle JDeveloper">
  <TITLE>
  CCRS Application
  </TITLE>
  </HEAD>
  <BODY BGCOLOR = #FFCC00 FONT SIZE = "+2" >
  <FORM NAME="CCRSMenu " action="CCRSMenu.jsp" METHOD="POST" target ="NewWindow">
  <%
  //create session for connection
  HttpSession Session = request.getSession(true);
  //set the connection to the database variable null
  Connect OConnect = null;
  MainMenu OMainMenu = null;
  if (request.getMethod().equals("POST"))
  OConnect = (Connect)Session.getAttribute("OConnect");
  OMainMenu = (MainMenu)Session.getAttribute("OMainMenu");
  //throws the page returned by the method
  String LoadJsp = OMainMenu.ReturnLoadJsp(request);
  response.sendRedirect(LoadJsp);
  else
  OConnect = new Connect();
  OConnect.ConnectDatabase();
  OMainMenu = new MainMenu();
  OMainMenu.InitialSetting();
  Session.setAttribute("OConnect",OConnect);
  Session.setAttribute("OMainMenu",OMainMenu);
  %>

  If Oracle Portal is running on Apache/Jserv, which is the only application server it runs on as far as I know, then that's your problem. JDeveloper uses one of the newer Servlet specificatione, 2.1 or 2.2, where as Jserv is using a very old one. 2.0, which doesn't support the session.setAttribute() method.
  I happen to know a little bit about portal and the JPDK. You do have the option of using the ProviderSession object that is provided by the JPDK PortletRenderRequest.getSession() method. I believe they have a setAttribute() method in there. In fact, if you want this object in the user's session, then you HAVE to use the ProviderSession from the JPDK.
  There are some other configurations you have to set to use this, you must specify to use session in your provider.xml, and you must also set the login frequency on the provider registration page to "Once per user session".
  Check out the discussion boards on http://technet.oracle.com for more info.

• Setting a Transport Rule to reply with a Custom DSN for a Disabled User and disconnected mailbox

  Here is what I am trying to accomplish. A user leaves the company. We disable there exchange email and that in turn disabled the account in AD. We want a custom NDR to say "This employee is no longer and employee blah blah" We dont get rid of email
  boxes but we disable them. 
  Here is what I done. Created custom NDR and then created a transport rule to read if the message is sent to [email protected] reply back with this NDR code. It works fine if I disable the user from AD and not exchange. Once I "disconnect" the mailbox
  it no longer works. I get the default NDR that says this email cant be found. I don't want that one. I want my custom NDR. I don't want to modify the 5.1.1 message either. Is there away around this?

  Hi Nellyjo,
  In your case, when you disable the user from AD and Exchange, in fact the message is blocked before reaching transport rule, recipient filtering is blocking this email. If you still want to achieve your goal by transport rule, you need to create a mailbox
  or contact to make your transport rule work.
  What's more, you also can modify original DSN for external and internal senders to meet your requirement.
  For more information, here is a similar thread for your reference.
  Setting a Transport Rule to reply with a Custom DSN for a Disabled User
  http://social.technet.microsoft.com/Forums/en-US/b1a4dd86-1e0e-43a9-b340-a80352e5c323/setting-a-transport-rule-to-reply-with-a-custom-dsn-for-a-disabled-user?forum=exchange2010
  Hope it helps.
  If you need further assistance, please feel free to let me know.
  Best regards,
  Amy
  Amy Wang
  TechNet Community Support

• User and Usage Tracking

  Hi Experts,
  Apologize if I'm posting this on a wrong category:
  Is there a possibility that a Dialog User can be tracked like:
  - the time he/she logged in and the time he/she logged out
  - duration on how long he/she is logged in
  - transaction codes used
  Cheers,
  R-jay

  Setup security logging:
  SM19 SM20 SM21
  http://help.sap.com/erp2005_ehp_04/helpdata/EN/68/c9d8375bc4e312e10000009b38f8cf/frameset.htm
  Hope this helps.

• Logical Locking for User and Session ID possible?

  Hi colleagues!
  We are developing on NetWeaver CE 7.10 SP6
  Currently it is possible for a user to access the same business object (like a specific order number for example) in two separate browser tabs in parallel. This leads to many strange and unwanted side-effects.
  One option would be to use a non cumulative exclusive locking. However we would like to avoid that as we use the lock life time "user session". And in this case we would need to set the lock only at one place and could not assure the setting of the lock again at different places (lock() may only be called once in this case).
  It would be nice if the com.sap.engine.services.applocking.LogicalLocking class would support support a session based exclusive locking where the same lock can be applied multiple times but only for the same session. But this does not seem to be possible.
  Does anybody know a nice solution for this issue? How to avoid that the same user opens the same business object in multiple sessions? Ideally this should be callable from a CAF application service.
  Thanks and kind regards,
  Gunnar
  Edited by: Gunnar Goerke on Jul 6, 2009 4:07 PM
  Edited by: Gunnar Goerke on Jul 6, 2009 4:09 PM

  For analyze, we have synchronized 15 LDAP Users to Notes
  FirstName, Lastname and login attributes are from 1 to 15 characters lenght as following :
  givenname, lastname, UID
  1,1,1
  F2,L2,ID
  F33,L33,ID3
  F444,L444,ID44
  F5555,L5555,ID555
  F66666,L66666,ID6666
  F777777,L777777,ID77777
  F8888888,L8888888,ID888888
  F99999999,L99999999,ID9999999
  Faaaaaaaaa,Laaaaaaaaa,IDaaaaaaaa
  Fbbbbbbbbbb,Lbbbbbbbbbb,IDbbbbbbbbb
  Fccccccccccc,Lccccccccccc,IDcccccccccc
  Fdddddddddddd,Ldddddddddddd,IDddddddddddd
  Feeeeeeeeeeeee,Leeeeeeeeeeeee,IDeeeeeeeeeeee
  Fffffffffffffff,Lffffffffffffff,IDfffffffffffff
  Between 6 and 8 characters, le logical Name of the user is correct
  He is constructed as %fistname% %lastname%/DOMAIN
  Less than 6 or more than 8 characters, the logical name is not correct
  We can show the partial path of the lotus's data directory.
  I can send screenshot to an email Adress if you want
  Why this ? It's not usable
  PS : All certificates can be viewed without provide password !
  Why the LDAP password of the user's entry is not used to open the ID ?
  Thanks for your help.
  BRs
  Vincent

• OIM: Disable User and Move to New OU

  Hey guys,
  I'm trying to figure out how to add an additional event when I disable a user. I want to be able to do as the title says. When I disable a user through OIM, move them to a specific OU within Active Directory. Has anyone done this before?
  TIA,
  Matt

  There is a number of ways to trigger tasks based on an OIM USER disable event.
  Kiran's suggestion should work fine as long as you include logic that checks that the user actually has an AD resource object that can be moved.
  Another option is to use the "application effect disable" on the task (you find it on the general tab of the task) for triggering. In that case the task will only fire if the specific AD resource object is present in the resource profile of the user.
  One thing to look out for is that MS has implemented move in AD as a copy and delete. If the AD system owners doesn't want to give your service account delete rights you will not be able to implement moving functionality.
  I recommend making sure that the system owners tells you everything they want you to do to the AD account. It is very easy to miss a small but important details. Also make sure that you know if you need to support re enablement of the AD account.
  We actually built this specific functionality for a customer earlier this year.
  Best regards
  /M

• Create user and session privilege

  Hi everyone. I connected to database as SYSTEM and created new user (Tom):
  CREATE USER Tom IDENTIFIED BY Tom
  Then using SQL Developer tried to connect to the database as Tom and got error, that Tom lacks CREATE SESSION privilege. How to give him it?

  You need to give a certain quota to that user, or that role. For example,
  ALTER USER <username> QUOTA UNLIMITED ON <tablespace_name>;
  You can also specifiy a set amount in place of the unlimited keyword.
  ALTER USER <username> QUOTA 500M ON <tablespace_name>;
  If you create a role, then assign the privileges to that role you can group your privileges together. When you create a new user just assign the role to the user. You can then just add privileges or remove them from the role and this will take affect for all the users that have that role.

• I am a disabled user and I need keyboard shortcuts to program the software. Does anyone know the keyboard shortcut for 'Save link as' ? Very grateful for your help. Thanks. :)

  I am using Windows 7 ultimate and Firefox 4. I tried Alt + enter which does not work.

  There is no shortcut key for such context menu items.<br />
  You can use the context menu key on the keyboard to open the right-click context menu on a link and press 'k' for the "Save Link As" item.<br />
  You need to press the tab key until you arrive at that link.
  You can set the pref <b>browser.display.focus_ring_width</b> to a higher value (I use 3) to make it easier to see which link has focus.
  To open the <i>about:config</i> page, type <b>about:config</b> in the location (address) bar and press the "<i>Enter</i>" key, just like you type the url of a website to open a website.<br />
  If you see a warning then you can confirm that you want to access that page.<br />
  See also:
  * http://kb.mozillazine.org/accessibility_features_of_Firefox
  * http://kb.mozillazine.org/browser.display.focus_ring_width
  *http://www.accessfirefox.org/ - Access Firefox Because the Internet is for everyone.

• Page Views and Sessions/Users for web tests

  It seems that when you have a URL ping test that the sessions and users count increases but the page views do not counted. Is this correct? I have 10k sessions/users over the last week but ~150 page views. If I look at the server requests I also have around
  50K server requests (around 5 requests on the home page).
  Why is App Insights not tracking page views for the web tests but it is tracking everything else?

  Currently this is a correct behavior. Page Views are sent by javascript snippet which is not executed when you use web tests. User and session are counted by server side logic (AI Web SDK) which is executed. We will add a feature that detects synthetic
  traffic very soon. When implemented charts will filter out users and sessions created for web test pings.
  Anastasia

• Disabled user

  Hi, I contacted BT today for a couple of things, and one of the questions I asked was about disability and the problems my wife would have using the phone if I was not around, my wife has problems with understanding and following multi choice options on BT, I registered my wife as Disabled with BT and explained her problems with the multi choice option when contacting BT and he just registered her as a disabled user and that was it, what does my wife do if I am not around and she needs to contact BT? is there a special number she can ring that goes direct to someone or does she have to wait until I am home? any help please.   

  Hi sollie52 and welcome
  Well, with most multiple choice automated phone services, if no buttons are pressed, then eventually it should just ring and someone should answer
  If that doesn't work, pressing the * button when prompted to make a selection, used to confuse the system and it would also just connect the call.
  Next time you need to call BT, try the above...
  If either work, just tell your wife which one to do
  -+-No longer a forum member-+-

• Export user and OU

  I have been able to export a list of disabled users and computers and their DN, but I'm trying to find a way to just get username, objecttype and OU.
  Right now 
  Search-ADAccount -AccountDisabled | FT Name,ObjectClass,DistinguishedName -A
  gives me a output I can work with but I'd like to drop the CN= part of the DN and just have the full OU. I can't seem to figure out how to even get started here. Do I need to go line by line using
  get-aduser? 

  Hi,
  Here's something you can play with:
  Search-ADAccount -AccountDisabled |
  Select Name,ObjectClass,@{N='OU';E={(Get-ADOrganizationalUnit ($_.DistinguishedName.Substring($_.DistinguishedName.IndexOf(',OU=')+1))).Name}}
  This assumes that these objects are actually in OUs, not containers.
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Restrict concurrent user and/or session from a client

  Hi All:
  We have an application with database Oracle 10g.
  I want to add a new validation to restrict concurrent user and/or session from a client. (we have almost 60 client firms using the software to enter daily trasnactions).
  All users from all clients are connecting to the database using a common functional ID.
  What I did was:
  1) Add a column 'user_logged_in' in the master table for client and update it as Y when user from that client logged on to the system,
  2) Insert the application logon details (we can figure out the client details from this) into a global temp table,
  3) Create a logoff trigger to update the 'user_logged_in'flag in client master table by using values from global temp table when session logged off and
  4) Restrict the users from same client if the flag is 'Y'
  But the problem in this case is logoff trigger will not be executed in case if the session got killed or terminated abnormally.
  Is there any other good solution for this scenario?
  Thanks
  Robin

  >
  But the problem in this case is logoff trigger will not be executed in case if the session got killed or terminated abnormally.
  Is there any other good solution for this scenario?
  >
  A better question might be - is there any other 'worse' solution than that?
  >
  2) Insert the application logon details (we can figure out the client details from this) into a global temp table,
  >
  Meaning - if that session goes down you have NO logon details since the data isn't persistent. Is that really useful?
  There is nothing you can do to account for someone just pulling the plug on: the server, the network connection, the bridge, the router, etc. And if a user is connected, starts a long-running process and then gets disconnected the process is likely to keep running in the background until Oracle needs to talk to the user again and then realizes that they are gone.
  Meanwhile the user is trying to logon again but can't because the system thinks they are already logged on.
  >
  All users from all clients are connecting to the database using a common functional ID.
  >
  Doesn't that kind of make it harder, not easier, to track who is really connecting and using your application?

• Tomcat Session Tracking with Object Post and Repeated Applet Jar Download

  Hi there,
  I have an issue with session tracking in Tomcat (5.0.28) and the JRE repeatedly downloading the original Applet Jar.
  Everything works fine (session tracking and HTTP GETs) until I post an Object from the Applet to a Servlet and the Servlet reads the Object.
  After that happens the JRE downloads the Applet Jar about 20 times and continues to download it after further requests to the Servlet.
  Not sure if the following is related but I'm parsing XML returned by the Servlet in the Applet and I get the following in the Tomcat logs:
  127.0.0.1 - - [08/Feb/2005:08:43:12 +0000] "GET /[webapp_path]/servlet/META-INF/services/javax.xml.parsers.SAXParserFactory HTTP/1.1" 404 1142
  If I turn off the session tracking in the Servlet it all works fine.
  I'm using the standard HTTPSession tracking API.
  Any help is much appreciated as this is a serious issue!
  Ian

  ...furthermore...
  I've now found I had disabled caching in the JRE.
  If I enable it the immediately after a POST (not an Object) then the Applet is repeatedly downloaded and it appears more so than before.