Expire specific users sessions

Similar Messages

• How to expire EBS user sessions on shared workstations/kiosks

  My organization is using Oracle Applications Release 12.1.3.
  Recently we have deployed several shared kiosks to multiple internal locations which our employees use to access information within Oracle Applications, including pay advice and compensation information.
  One challenge we are facing is that if a user accesses his/her personal information (such as pay stub details) and then browses to another web site (such as weather.com) without logging out of EBS, the user's session cookie remains active.   Another user can then go to the kiosk, press the browser "back", and is able to see the prior user's confidential information.
  One way we are trying to avoid this is by training users to always log off of EBS, using the "logout" hyperlink which expires the user's EBS session and prevents the next user from being able to access his/her information using the browser "back" button. However we can't always count on this.
  I would like to know if other companies have put other controls or measures in place to forcefully expire a user's EBS session in cases where the user doesn't click the "logout" hyperlink (such as if going to another web site or simply closing the browser window).  Greatly appreciate any feedback or recommendations from the community on this topic.  It seems as though it is a common challenge for companies using shared kiosks / workstations within their organizations.
  Regards,
  Jeremy

  I don't believe we have considered using the "kiosk mode" browser feature.  This may be a viable solution for us.  I've passed this on to our internal team that is looking for solution ideas for this issue.
  Thank you much for this suggestion Srini - I hope to see you at the EBS Tech Stack SIG meeting at OpenWorld next week.
  Regards,
  Jeremy

• Terminate User Session

  Hi all,
  I'm using FM TH_DELETE_USER to delete a user session, however this will terminate all sessions. Can anyone suggest a system function that will delete a specific user session?
  Thanks, Mark

  Hi ,
  TH_DELETE_USER kills the sessions of the user.But there is no FM to delete the particular session.
  But if you Debug SM50 you get some info.
  i tried it i got this...
       CALL 'ThWpInfo' ID 'OPCODE'   FIELD OPCODE_WP_DEL            
                       ID 'WP_INDEX' FIELD WP_TABL_ALV-WP_INDEX.    
  in this program <b>RSMON000_ALV</b> you can find the code .
  Regards
  vijay

• Is it possible to start JSON Service specific to the user session?

  Is it possible to make JSON service to start different sessions of BusinessLogic Code in short - Is it possible to start JSON Service specific to the user session?
  Here is what I'm trying to do. I have a created a Configuration Model which contains the business logic. I want to start this model as a JSON service, and the user will interact with this model via mobile App developed using ADF Mobile. The JSON sevice has two calls
  /startConfiguration/{model_id}
  /getConfiguration
  Both of them return the string that indicates the BusinessModel being started by JSON service.
  When invoked " /startConfiguration/{model_id} " from two different browsers (Chrome - started first, FF - started second) for the same model_id (simulating the scenario of two user accessing same model), it did returned two different 'configuration' object strings, indicating that each call started its own Configuration.
  However, when I validated that the session started is user specific by calling "/getConfiguration"  it return same 'configuration object string - which is the second call from FF. Thus indicating that I cannot have JSON service tied individually to each user session. 
  My goal is to have JSON service specific to each user session. Is this possible?

  Hi,
  what is a JSON service? JSON is an object notation used with REST services. So I assume you have a REST services that returns JSON and you now want to obtain the same identifier for a specific input string? REST services - like all Web Services - are stateless and if you want to associate a request with a specific context then you need to pass a token or similar with the request so the context can be re-established. In your case I would have a look at the code mapped to startConfiguration/{model_id} to verify if the method checks for an existing configuration with the provided ID. Chances are that its the code returning the wrong ID. In general I would go with a token approach.
  Frank

• I have a java code that expires user sessions after 30 min.But the session does not expire in Firefox version 4 where as it expires in all previous versions

  I have a java code that expires user sessions after 30 min.But the session does not expire in Firefox version 4 where as it expires in all previous versions

  A good place to ask questions and advice about web development is at the mozillaZine Web Development/Standards Evangelism forum.<br />
  The helpers at that forum are more knowledgeable about web development issues.<br />
  You need to register at the mozillaZine forum site in order to post at that forum.<br />
  See http://forums.mozillazine.org/viewforum.php?f=25

• Detecting user session expiry in secure connection

  I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)-
  basicaly we call session expired when requested session is not equal to current web session:
  String requestedSession =
  ((HttpServletRequest)request).getRequestedSessionId();
  String currentWebSession =
  ((HttpServletRequest)request).getSession().getId();
  boolean sessionOk =
  currentWebSession.equalsIgnoreCase(requestedSession);
  It works perfectly well when I am launching application in OC4J, but it doesnt if I use JBoss with secure connection and session id in cookie- requestedSession and requestedSession is always the same
  Is there a way to detect session expiry using secure connection?

  Thank You for the answer Frank.
  unfortunately I cannot see full view of how this proposal differ from what I am doing..
  Can You please be more specific...
  As I understand, I am doing exactly the same with:
  String requestedSession =
  ((HttpServletRequest)request).getRequestedSessionId();
  String currentWebSession =
  ((HttpServletRequest)request).getSession().getId();
  or you mean to save currentWebSession somewhere else?

• Regarding user session...

  Hi,
  How will you determine/set the duration before a user session gets expired in an application on Oracle 10g release 3? Is there a specific entry which is to be made in a file?
  Thanks and Regards,
  Sarab

  Hi,
  I consider that you can do that at your httpd.conf.
  Cheers,
  Hamdy

• Server 2012 R2 RDS – cannot log off user session

  We have a 2 server RDS RemoteApp Farm.
  One server is constantly leaving user sessions in a disconnected state without the ability to kill the session (rebooting is the only way); this is happing 1-2 times per week.
  Servers have been configured to kill a disconnected session after 10 minutes, but some disconnected sessions have been running for days.
  Below is a screenshot of the process running for two disconnected users sessions that I could not disconnect, rebooting the server was the only way of fixing this. No error's were generated when users disconnected the session.
  Is there a known fix for this?

  Hi,
  Did you apply session disconnected policy setting in your environment?
  There are different ways for getting user log off. As you have commented that it’s happening with specific user, once check whether the user profile is not corrupted or any other related case. Also it might relates that some application or related services
  is still running under user profile so that session cannot be logged off. You can also try PowerShell command to log off the user. Also with
  Query user command you can find the related session name and ID and then with “Logoff user command” you can logoff the specific user. 
  For policy related to session setting you can check beneath article. (point 1)
  [Forum FAQ] Restrict number of Active Sessions
  in RDS 2012 and 2012 R2
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Interactive report gives an error only for a specific user

  An interactive report based on a very complicated select gives an error only when a specific user is logged on.
  The error is:
  ORA-00932: inconsistent datatypes: expected - got CLOB.
  For other users logging using this page it works fine.
  Authentication for this application is done using a stored function.
  The query does not use the current userid in it.
  Why does it fail for a specific user? if there is a problem, it should fail all the time.

  Hi ankur,
  By what you said the report dont have any date parameters or no date columns.
  "Query execution was not successful ORA-01843 not a valid month." This means it is related with date mask passing a invalid month into date column or argument to to_date function.Check once the session date that is 'dd-mm-yy' or anything else
  select * from nls_session_parameters where parameter = 'NLS_DATE_FORMAT'
  select to_date('01-DEC-06'),to_date('01-12-06') from dual;
  Also a general question whenever I am trying to mark any question as 'Helpful', the status is not changing. Is there anything I am missing.While you flag it 'helpful' or 'correct',it takes you to other screen where you see "Yes, the question is now answered" click the radio button and then click ok button.
  Hope its helpful.
  Best Wishes,
  Kranthi.
  Edited by: Kranthi.K on Jun 8, 2009 9:00 AM

• Sharing data between two separate user sessions

  Hi all!
  I have been trawling my brain for a solution to this - any help will be appreciated!
  I would like to create a single instance of a class but share that instance over more than one user session (two separate users but both running concurrently).
  Just as you can pass data between sessions using ABAP memory - I would like to pass data (specifically an object reference) between two separate users that could even be logged in to two separate application servers...
  Even a mini Client/server solution would suffice but I cannot figure one out!
  Is this possible?
  Many thanks for your thoughts in advance...
  N

  Hello N K,
  sorry thats not possible. Sharing a data item / object instance requires at least a common physical memory. As this is not guaranteed between different app. server this is technical not possible.
  With release 640 ABAP offers the new feature Shared Objects. These mechanism allows access by different users and some propagation to differnt servers.There is an interesting article on the ABAP SDN homepage
  https://www.sdn.sap.com/sdn/developerareas/abap.sdn
  For relases below more or less the database is the only chance to store data accross application servers (known to me). One exception might be the ENQUEUES which might (mis)used to store some Flags.
  Kind Regards
  Klaus
  Link to Shared Objects PDF
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/shared objects in abap

• Video Phone only works when specific user initiates connection

  Hi,
  I have an application based on the Cirrus Video phone demo as presented here:
  http://labs.adobe.com/technologies/cirrus/samples/
  In general, this works fine, but for one specific user with whom I test, I have the following issue:
  When I initate the call, we are paired together by Cirrus, but his video/audio does not transmit to me. He can however see and hear me just fine.
  When he initaites the call, everything works fine.
  I'm concerned that this is an issue re. NAT/Firewall setup on standard home broadband connections, in that UDP is allowed through his firewall when the firewall sees that the connection has been initiated by him.
  I'm a web developer, rather than a Flash developer, and I'm just looking for a few leads so that I can investigate this.
  G

  My application works as follows:
  User1 (me) askes User2 (friend) if they would like to speak via AJAX text chat system
  When User2 confirms that they would like to do this:
  User1 browser loads Flash app
  Flash app connects and obtains session key from cirrus
  Flash app writes that session key to database
  User2 browser loads Flash app
  Flash app checks DB to see if session key exists
  If not, it waits, and check again in 10 secs
  When session key is finally found, Flash app connects to cirrus
  Cirrus now exchanges network data between clients, and P2P connection is established
  Call is placed from User2 to User1
  User1 answers
  Video and audio transmission starts from User1, and is received by User2
  No Video and audio transmission is received by User1 from User2 (text chat over Cirrus is however possible)
  All of this works in the majority of cases with other users, and when the roles are reversed, it also works.
  The only time it doesn't work, it when I try to call my friend.
  The behaviour described above can be seen in both my app, and the sample provided by Adobe at:
  http://labs.adobe.com/technologies/cirrus/samples/
  I hear what you are saying about RTMFP, but it really doesn't look like a coding problem, unless that problem also exists in the Adobe demo.

• Log sql of a specific user

  Hi
  Is there a way to trace all the sql query of a specific user in Oracle 9i ?
  I already try logminer but i find it not very flexible.
  Thanks for answer.

  Hi,
  You can use sql trace on a session level even you can set this parameter on db level. There might be no other way to get a log of a particular user's queries.
  Thanks

• FM to logoff user sessions TH_DELETE_USER

  Hi,
  We have a requirement to develop a report program which should log off all the sessions of a specific user. We tried to use the standard FM 'TH_DELETE_USER' for this functionality but we are getting 'AUTHORITY_ERROR' when we execute this FM.
  If anybody has worked on this FM and knows how to use the FM to satisfy the requirement please let us know or any other suggestions which can help us in loging off the users will be of great help.

  Hi,
  first you need a user who has this administration authorities.
  Then you have to get some informations about servers and users, e.g.:
  *    Get server list
  call function 'RFC_GET_LOCAL_DESTINATIONS'
      tables
        localdest     = xt_server
      exceptions
        not_available = 1
        others        = 2.
                                                                                  check sy-subrc          eq  0.
                                                                                  refresh                     xt_users.
                                                                                  loop                    at  xt_server.
      refresh                   xt_usrvr.
                                                                                  call function 'THUSRINFO'
        destination xt_server
        tables
          usr_tabl = xt_usrvr
        exceptions
          others   = 4.
      if  sy-subrc          eq  0.
        loop                at  xt_usrvr.
          if xt_usrvr-bname in  xp_uname.
            xt_users-bname  =  xt_usrvr-bname.
            xt_users-tid    =  xt_usrvr-tid.
            xt_users-apserver  =  xt_server.
            append             xt_users.
          endif.
        endloop.
      else.
        message  w999(zz) with  text-m00
                                xt_server.
      endif.
    endloop.
                                                                                  *    SORT list
    sort                        xt_users
                            by  bname
                                apserver
                                tid.
                                                                                  *    delete duplicates
    delete  adjacent duplicates from xt_users
                     comparing  bname
                                apserver.
  At least you have to logoff the user
  call function 'TH_DELETE_USER'
      destination xt_users-apserver
      exporting
        user            = xt_users-bname
        client          = sy-mandt
      exceptions
        authority_error = 1
        others          = 2.
  Regards,
  Klaus

• Access to Oracle Database by a specific user from a client system.

  Hi All,
  I need to restrict a particular client system to access the database only by a specific user credentials. I mean system A(hostname) can only connect the database PQR only and only by user U123. Any help is sincerely appreciated.
  Regards
  Swapan

  Hi,
  I solved it by a trigger at logon on V$SESSION which validates MACHINE like [HOSTNAME] and username not like [the_user_I_would_allow].
  It works now.
  Thanks for your reply.
  Regards
  Swapan

• Problem in implements ADF Faces: Detecting and handling user session expiry

  Hello everybody
  I´m trying to implement a method to handle user session expiry as explained by frank nimphius in his blog.
  http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
  I have implemented the class bellow and add the filters in web.xml. However when I add the JavaServer Faces Servlet to sign the filter, my hole application get nuts. I try to publish the applicatoin in the OAS and it seems that it already starts expired.
  Someone konw what I´m doing wrong?
  I use the filter
  <filter>
  <filter-name>ApplicationSessionExpiryFilter</filter-name>
  <filter-class>adf.sample.ApplicationSessionExpiryFilter</filter-class>
  <init-param>
  <param-name>SessionTimeoutRedirect</param-name>
  <param-value>SessionExpired.jspx</param-value>
  </init-param>
  </filter>
  then I add
  XML:
  <filter-mapping>
  <filter-name>ApplicationSessionExpiryFilter</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  </filter-mapping>
  package adf.sample;
  import java.io.IOException;
  import javax.servlet.Filter;
  import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.ServletException;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  this is the class
  public class ApplicationSessionExpiryFilter implements Filter {
  private FilterConfig _filterConfig = null;
  public void init(FilterConfig filterConfig) throws ServletException {
  _filterConfig = filterConfig;
  public void destroy() {
  _filterConfig = null;
  public void doFilter(ServletRequest request, ServletResponse response,
  FilterChain chain) throws IOException, ServletException {
  String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
  String currentWebSession = ((HttpServletRequest)request).getSession().getId();
  boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
  // if the requested session is null then this is the first application
  // request and "false" is acceptable
  if (!sessionOk && requestedSession != null){
  // the session has expired or renewed. Redirect request
  ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
  else{
  chain.doFilter(request, response);
  I'm really having trouble controlling user sessions. if someone know where I can get materials to learn how to implements session in Jdev ADF + BC, I´m very grateful.
  Thank you Marnie

  The class works fine.. the issue is when I add the this code into web.xml
  <filter-mapping>
  <filter-name>ApplicationSessionExpiryFilter</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  </filter-mapping>
  bellow the web.xml
  <?xml version = '1.0' encoding = 'windows-1252'?>
  <web-app>
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
  </context-param>
  <context-param>
  <param-name>CpxFileName</param-name>
  <param-value>userinterface.DataBindings</param-value>
  </context-param>
  <filter>
  <filter-name>ApplicationSessionExpiryFilter</filter-name>
  <filter-class>view.managedBean.ApplicationSessionExpiryFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfFaces</filter-name>
  <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>ApplicationSessionExpiryFilter</filter-name> ==> the problem occurs when I try to add this code
  <servlet-name>Faces Servlet</servlet-name>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfFaces</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <url-pattern>*.jspx</url-pattern>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>1</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/pain</mime-type>
  </mime-mapping>
  </web-app>
  By the way, how can I post code on the forum properly?