False authentication sessions problem

Similar Messages

• Authentication Session Problem in iPAD

  Hi!
  I'm facing a very strange problem with Wifi authentication on iPAD. When I start my iPAD, it detects the network correctly, gets IP and other info using DHCP and as set up in my environment, a page asking user to authenticate would be pushed to the user. We enter user name and password and it starts woking. However, within 3-5 minutes, the same authentication page would reappear as if the WiFi connection got dropped. After good amount of work on the issue I'm almost sure that the isssue is not with APs and other parts of my infrastructure as all other devices work fine. My WiFi authentication is controlled by a UTM - "Cyberoam" which is in use for roughly ~5 years on a network comprising more than ~2500 machines. Just to be sure myself, I tried even changing the Cisco APs with Ruckus.
  I tried upgrading my iPAD OS from 3.3.3 to 4.3.2. Having failed to got the expected result, I restored my iPAD as well. However, problem remains unsolved.
  Removing the authentication on the WiFi segment makes the connection work smoothly!!
  Any clues?  

  Hi,
  If you have been using jspChart v 1.00 :
  As shown in the modified , attached PPT :
  I will be displaying a bar chart. The length of bar chart is obatined from Sybase database. This chart should be dynamically created depending on the value on
  the database and x -axis is exponential.
  This will be displayed on a HTML page.
  1. I want to know whether,the values can be obtained the values from Sybase database ?
  If so, what are the changes.
  2. can you tell me the steps to install and run the jspchart v 1.00 on Jrun or any server please.
  Any thing else, I need to install like SAX , JCLARK. I am getting errors in this. PL HELP.
  3. Is it possible to plot "Exponential values" in the Y-axis. like 0 - 100- 1000 - 10000 - 100000
  and the length of the Bar should automaticall be coloured till that Point as shown in the Power point attached.
  If not, any suggestions to use any other software.
  Thanks in advance.
  [email protected]

• IP address unknown "show authentication session interface"

  Hi,
  I have the following issue:
  Several hosts on a specific VLAN cannot reach a VNC server which is located in the same VLAN. All the ports are running 802.1X and hosts are authenticated based on certificate.
  The hosts that have the issue are always authenticated with success and a "show authentication session interface <INT-NAME>" shows the following output for a client:
  SWl#sh authentication sessions interface g1/0/42
              Interface:  GigabitEthernet1/0/42
            MAC Address:  4437.e668.9896
             IP Address:  Unknown
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-domain
       Oper control dir:  both
          Authorized By:  Authentication Server
            Vlan Policy:  100
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  0000000000000AA09F7A3843
        Acct Session ID:  0x00000CD7
                 Handle:  0x2D000AA0
  The server:
  SW#sh authentication sessions interface g2/0/43   
              Interface:  GigabitEthernet2/0/43
            MAC Address:  4437.e68a.4048
             IP Address:  10.10.10.254
                    Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-domain
       Oper control dir:  both
          Authorized By:  Authentication Server
            Vlan Policy:  100
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  00000000000008DC576F3B64
        Acct Session ID:  0x000009CB
                 Handle:  0x200008DC
  If I do a "clear authentication sessions interface g1/0/42" on one of the client port then the IP address is not unknown anymore:
  SW#sh authentication sessions interface g1/0/42
              Interface:  GigabitEthernet1/0/42
            MAC Address:  4437.e668.9896
             IP Address:  10.10.10.20
                Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-domain
       Oper control dir:  both
          Authorized By:  Authentication Server
            Vlan Policy:  100
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  0000000000000E63AA195FED
        Acct Session ID:  0x000010A6
                 Handle:  0x92000E63
  Then the client can connect to the server without any issues. Does anyone has a solution to fix this issue?
  All port are configured the same (client and server) and DHCP snooping is runing for the authenticated VLAN (100):
  interface GigabitEthernet1/0/42
  switchport access vlan 999
  switchport mode access
  switchport nonegotiate
  switchport block multicast
  switchport block unicast
  switchport port-security maximum 4
  switchport port-security
  switchport port-security violation restrict
  ip arp inspection limit rate 50
  authentication host-mode multi-domain
  authentication port-control auto
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 5
  storm-control broadcast level 5.00
  storm-control action shutdown
  no vtp
  ip dhcp snooping limit rate 50
  Platform: cisco WS-C3750X-48P
  IOS: c3750e-universalk9-mz.122-55.SE3.bin
  Authentication Server: Cisco ISE
  Best regards,
  Laurent

  Hi Tarik,
  Is this command used in combination with dot1x? The switch is running DHCP snooping so the MAC/IP/VLAN should already be present in the DHCP snooping database, no?
  I would like to understand what is causing the problem and how this command can solve it
  Regards,
  Laurent

• Checkbox for authenticated sessions missing in 3.6.3

  I am a tech support person for users of Blackboard CE8, an online learning management system. We have told users of earlier Firefox versions to "Clear Private Data" and then check a box for authenticated sessions in order enable certain features of Blackboard. Now, it's "Clear Recent History" which I've done (again and again). There is nothing in 3.6.3 that pertains directly to "authenticated sessions." What, then, is the troubleshooting step in 3.6.3 that is *equivalent* to checking the box for authenticated sessions?

  We ran this solution past the user with this problem, and it didn't take. We also tried these steps to ream out Java on the user's computer. (See the list of steps below). It still didn't take.
  1. With no programs open, remove all versions of Java: Go to the Start menu, and choose Control Panel.
  2. Open Add/Remove Programs (for Windows XP) or Uninstall Program (for Windows VISTA)
  3. Remove ALL instances of Java.
  4. Close all windows.
  5. Install current version of Java: go to http://www.java.com/en/download/manual.jsp
  6. Click the link Windows 7/XP/Vista/2000/2003/2008 Online ( http://javadl.sun.com/webapps/download/AutoDL?BundleId=39502 )
  7. Choose Run and follow instructions to install Java.
  8. After installation, open Firefox and go to your course.
  9. Be sure that popups are enabled in your browser or disable your popup blocker.
  10. If you receive a Security Alert popup window, choose "Always trust content from this publisher" and then press Run.
  11. You can now try to browse your computer to add an attachment, to see if you can see the My Files icon.
  We have since advised the user to try using Internet Explorer 8, which is certified for use with Blackboard CE8. This is clearly not a desirable option from Firefox perspective.

• Java Session problem while sending mail(using javamail) using Pl/SQL

  Hello ...
  i am using Java stored procedure to send mail. but i'm getting java session problem. means only once i can execute that procedure
  pls any help.

  props.put("smtp.gmail.com",host);I doubt javamail recognizes the 'smtp.gmail.com' property. I think it expects 'mail.host'. Of course since it cannot find a specified howt it assumes by default localhost
  Please format your code when you post the next time, there is a nice 'code' button above the post area.
  Mike

• Session problem in jsp application

  I face a session problem. I setting everything in a session and when pass back to a main page, the value is not display in the screen. But after refresh the value will display in the screen and this kind of problem only come out very few time and i dun knw how to solve this...
  Anyone here can give me some idea and suggestion or the way to solve this kind of problem!!!

  define "2 different clients"
  1) You have 2 different PCs and it's using the same session ID for both? I doubt this. I think the server is advanced enough not to use give a session ID that's already been created.
  2) You have 1 PC and are using IE or Netscape and using File > New Window to open a new window and connect again. This you can't fix without using only URL rewriting to manage session, because the different windows will share the same session cookies.

• Multiple browsers open causes authentication or session problems

  Hi Folks,
  I have a strange problem. It's strange to me in any case as I'm primarily a back-end guy so I am not an expert on some of the web features of APEX. I have built an application that accesses many remote databases through database links. I open 4 instances of IE6, each is handed a seperate session id as can be seen in the url. The user provides the db name, user and password in the login page. I authenticate by creating a custom auth procedure which creates a temporary database link to test whether the user and password provided is correct for the chosen database. If correct, I authenticate. With 4 instances, this all works fine. Then I'm redirected to the first page in my application which runs a query against the remote database selected at login. ( table@db_link). If I hit the button to submit the query on the 4 browsers, the 4th one reverts me to the login page as if I am not authenticated. This does not seem to happen if I open 4 browsers on 4 different computers all accessing the APEX application.
  Has anyone experienced similar issues or does anyone know if there is some limit on how many sessions from the one computer can be handled. I thought initially that it might have been an issue with some spfile parameters but I'm thinking now that it must be either how APEX handles requests from the same machine or some network/http issue? As I said, when it come to http sessions etc, I am no guru!!
  Thanks for any help!

  Sounds like those browser windows are using the same OS process. Did you start them with CTRL-N ? Try starting them from the Start menu. If they aren't using separate processes they'll share cookies and that would result in the kinds of things you described.
  Scott

• Session problem: req.getSession(false) always attempt set a session cookie.

  I am having a problem with getSession(false) method. For some reasone
            when I do this:
            doGet(.....){
            HttpSession tmpsession = req.getSession(false);
            RequestDispatcher dpatch =
            this.getServletContext().getRequestDispatcher("/welcome.jsp");
            dpatch.forward(req, res);
            Even if tmpsession is null, my web browser tells me that the servlet is
            trying to set a cookie. But the problem is that if I do accept the
            cookie, next time I tried to access the same page, the servlet thinks
            that there is already a session.
            Has anyone seen this problem?
            James Yuan Direct: 415-399-7274
            

  Weblogic can be configured to automatically create a session. Check your properties file
            for the value of weblogic.httpd.session.enable. If set to true, a session will be
            automatically created for the user.
            Guy
            James Yuan <[email protected]> wrote:
            > I am having a problem with getSession(false) method. For some reasone
            > when I do this:
            > doGet(.....){
            > ...
            > HttpSession tmpsession = req.getSession(false);
            > .....
            > ....
            > RequestDispatcher dpatch =
            > this.getServletContext().getRequestDispatcher("/welcome.jsp");
            > dpatch.forward(req, res);
            > }
            > Even if tmpsession is null, my web browser tells me that the servlet is
            > trying to set a cookie. But the problem is that if I do accept the
            > cookie, next time I tried to access the same page, the servlet thinks
            > that there is already a session.
            > Has anyone seen this problem?
            > --
            > /-----------------------------------------\
            > James Yuan Direct: 415-399-7274
            

• Authentication & Session Management questions

  Hi. Apex 2.2.1. I'm going crazy trying to set up authentication for my application. I'd appreciate any pointers. My scenario is
  Siteminder intercepts all calls to the application
  User authenticates with Siteminder
  If authenticated, Siteminder sets HTTP_SM_USER in the header
  If not authenticated, then APEX is never called
  Pull the user out of the header
  Create a session if needed
  Log the user in if needed
  Redirect the user to the request page
  I've followed the example that I've found in the forum and set up a page sentry function to create a session when the user first comes in. After that I try to verify that the session belongs to them. That's not working because wwv_flow_custom_auth_std.get_username never returns a value. I think that's because I'm not logging the user in to APEX. I can't figure out the difference between wwv_flow_custom_auth_std.post_login and wwv_flow_custom_auth_std.login. (it probably doesn't help that I inherited the application from some consultants that left a year ago and there is no documentation on it or even APEX here at my site).
  Mike

  Thanks, Scott. The problem is that it seems to keep looping. You can see from the log that it creates the session, then invalidates it, then creates it, etc.
  Mike
  debug log
       384     1000     Enter 604 - 1 user MDHENDER session NOT valid
       384     4000     session is NOT valid
       384     4100     dn_network_id is acct\mdhender
       384     5000     creating a new session
       384     5010     created new session
       384     6000     setting up follow up url
       384     6010     follow up url is 604:1:
       384     7000     register new session
       384     7010     registered session
       384     9000     clean exit
       385     1000     Enter 604 - 1 user MDHENDER session valid
       385     3000     session is valid 1707655438517376
       385     3010     authenticated user MDHENDER cookie
       385     3100     marker
       385     3200     marker
       386     1000     Enter 604 - 1 user MDHENDER session NOT valid
       386     4000     session is NOT valid
       386     4100     dn_network_id is acct\mdhender
       386     5000     creating a new session
       386     5010     created new session
       386     6000     setting up follow up url
       386     6010     follow up url is 604:1:
       386     7000     register new session
       386     7010     registered session
       386     9000     clean exit
       387     1000     Enter 604 - 1 user MDHENDER session valid
       387     3000     session is valid 2743127946937676
       387     3010     authenticated user MDHENDER cookie
       387     3100     marker
       387     3200     marker
  Here is the code
  <code>
  CREATE OR REPLACE FUNCTION lmf_siteminder_page_sentry RETURN BOOLEAN IS
  vAuthenticatedUsername VARCHAR2(512);
  vCurrentSessionId NUMBER;
  vDeclaredUser VARCHAR2(512);
  vLogFlag VARCHAR2(1);
  vMaxIdleMinutes NUMBER := 15;
  vNextPage VARCHAR2(1024);
  vTransNo NUMBER;
  PROCEDURE log_msg(vFlag in varchar2,
  vTransNo in number,
  vSeqNo in number,
  vMessage in varchar2) is
  pragma autonomous_transaction;
  BEGIN
  IF vFlag = 'Y' THEN
  insert into sm_debug_log
  (transno, seqno, msg)
  values
  (vTransNo, vSeqNo, vMessage);
  commit;
  END IF;
  EXCEPTION
  WHEN OTHERS THEN
  rollback;
  raise;
  END;
  -- determine if the siteminder user is authorized
  FUNCTION CheckAuthorizedUser(vUserName in varchar2) return boolean is
  vDeclaredUser VARCHAR2(512);
  BEGIN
  -- verify that the user is supposed to have access to the application.
  -- a quick check of the authorized users table will settle that question
  select dn_network_id
  into vDeclaredUser
  from user_authorization
  where UPPER(network_id) = UPPER(vUserName);
  return true;
  EXCEPTION
  WHEN OTHERS THEN
  return false;
  END;
  -- if the session cookie's user matches our authenticated user then
  -- return true
  FUNCTION CheckCookieUser(vUserName in varchar2) return boolean is
  BEGIN
  IF vAuthenticatedUsername = wwv_flow_custom_auth_std.get_username THEN
  return true;
  END IF;
  return false;
  END;
  FUNCTION URLRedirect(vUrl IN varchar2) return boolean is
  BEGIN
  log_msg(vLogFlag, vTransNo, 9999, 'redirect => ' || vUrl);
  owa_util.redirect_url(vUrl, true);
  wwv_flow.g_unrecoverable_error := true;
  return false;
  END;
  BEGIN
  BEGIN
  select debug, sm_seq_no.nextval
  into vLogFlag, vTransNo
  from sm_settings;
  EXCEPTION
  WHEN OTHERS THEN
  vLogFlag := 'N';
  END;
  -- get authenticated user from siteminder. APEX may expect it
  -- to be upper case
  vAuthenticatedUsername := UPPER(lmf_siteminder_user());
  IF wwv_flow_custom_auth_std.is_session_valid THEN
  log_msg(vLogFlag,
  vTransNo,
  1000,
  'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
  ' user ' || nvl(vAuthenticatedUsername, '*null*') ||
  ' session valid');
  ELSE
  log_msg(vLogFlag,
  vTransNo,
  1000,
  'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
  ' user ' || nvl(vAuthenticatedUsername, '*null*') ||
  ' session NOT valid');
  END IF;
  -- no surprise here - let anyone view a page flagged as public
  IF htmldb_custom_auth.current_page_is_public THEN
  log_msg(vLogFlag, vTransNo, 1010, 'current page is public');
  return true;
  END IF;
  -- redirect all unauthorized users to our no-access page
  IF not CheckAuthorizedUser(vAuthenticatedUsername) THEN
  -- send the user to our unathorized page
  log_msg(vLogFlag,
  vTransNo,
  1100,
  'unable to find dn_network_id for authenticated user ' ||
  lmf_siteminder_user());
  log_msg(vLogFlag,
  vTransNo,
  1110,
  'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
  ':105:' || vCurrentSessionId || ':');
  return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
  vCurrentSessionId || ':');
  END IF;
  -- use the current session if it is valid and assigned to
  -- our authenticated user
  IF wwv_flow_custom_auth_std.is_session_valid THEN
  vCurrentSessionId := wwv_flow_custom_auth_std.get_session_id_from_cookie;
  log_msg(vLogFlag,
  vTransNo,
  3000,
  'session is valid ' || vCurrentSessionId);
  log_msg(vLogFlag,
  vTransNo,
  3010,
  'authenticated user ' || vAuthenticatedUsername || ' cookie ' ||
  wwv_flow_custom_auth_std.get_username);
  -- if the session cookie's user matches our authenticated user then
  -- accept it and proceed with displaying the page
  IF CheckCookieUser(vAuthenticatedUsername) THEN
  wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
  p_session_id => vCurrentSessionId);
  return true;
  END IF;
  log_msg(vLogFlag, vTransNo, 3100, 'marker');
  -- the names do not match. assume that someone hijacked the session.
  -- invalidate it and bump them out
  -- Unset the session cookie and redirect back here to take other branch
  wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID'),
  p_next_flow_page_sess => v('APP_ID') || ':' ||
  nvl(v('APP_PAGE_ID'),
  0) || ':' ||
  vCurrentSessionId);
  wwv_flow.g_unrecoverable_error := true;
  log_msg(vLogFlag, vTransNo, 3200, 'marker');
  -- tell APEX that we are not pleased
  return false;
  END IF;
  log_msg(vLogFlag, vTransNo, 4000, 'session is NOT valid');
  -- we did not have a valid session so verify that the user is supposed
  -- to access our application. a quick check of the authorized users
  -- table will settle that question for us
  BEGIN
  select dn_network_id
  into vDeclaredUser
  from user_authorization
  where UPPER(network_id) = vAuthenticatedUsername;
  log_msg(vLogFlag, vTransNo, 4100, 'dn_network_id is ' || vDeclaredUser);
  EXCEPTION
  WHEN NO_DATA_FOUND THEN
  -- send the user to our unathorized page
  log_msg(vLogFlag,
  vTransNo,
  4900,
  'unable to find dn_network_id for authenticated user ' ||
  vDeclaredUser);
  log_msg(vLogFlag,
  vTransNo,
  4910,
  'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
  ':105:' || vCurrentSessionId || ':');
  return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
  vCurrentSessionId || ':');
  END;
  -- create new session
  log_msg(vLogFlag, vTransNo, 5000, 'creating a new session');
  wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
  p_session_id => wwv_flow_custom_auth.get_next_session_id);
  log_msg(vLogFlag, vTransNo, 5010, 'created new session');
  wwv_flow.g_unrecoverable_error := true;
  -- set cookie
  -- set the followup URL to page 1
  log_msg(vLogFlag, vTransNo, 6000, 'setting up follow up url');
  vNextPage := to_char(wwv_flow.g_flow_id) || ':1:';
  log_msg(vLogFlag, vTransNo, 6010, 'follow up url is ' || vNextPage);
  --wwv_flow_custom_auth.remember_deep_link(p_url => vNextPage);
  --log_msg(vLogFlag, vTransNo, 6020, 'completed follow up url');
  --IF owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' THEN
  -- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?' ||
  -- wwv_flow_utilities.url_decode2(owa_util.get_cgi_env('QUERY_STRING')));
  --ELSE
  -- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?p=' ||
  -- to_char(wwv_flow.g_flow_id) || ':' ||
  -- to_char(nvl(wwv_flow.g_flow_step_id,
  -- 0)) || ':' ||
  -- to_char(wwv_flow.g_instance));
  --END IF;
  -- register new session with the application
  log_msg(vLogFlag, vTransNo, 7000, 'register new session');
  if 0 < 1 then
  wwv_flow_custom_auth_std.post_login(p_uname => vAuthenticatedUsername,
  p_flow_page => vNextPage);
  log_msg(vLogFlag, vTransNo, 7010, 'registered session');
  else
  wwv_flow_custom_auth_std.login(P_UNAME => vAuthenticatedUsername,
  P_PASSWORD => 'dummy',
  P_SESSION_ID => v('APP_SESSION'),
  P_FLOW_PAGE => v('APP_ID') || ':1');
  log_msg(vLogFlag, vTransNo, 7011, 'registered session');
  end if;
  if 0 > 1 then
  owa_util.mime_header('text/html', FALSE);
  owa_cookie.send(name => 'LOGIN_USERNAME_COOKIE',
  value => vAuthenticatedUsername,
  expires => null,
  path => '/',
  secure => 'yes');
  owa_cookie.send(name => 'HTMLDB_IDLE_SESSION',
  value => to_char(sysdate + (vMaxIdleMinutes / 1440),
  'DD-MON-YYYY HH24:MI:SS'),
  expires => null,
  path => '/',
  secure => 'yes');
  end if;
  log_msg(vLogFlag, vTransNo, 9000, 'clean exit');
  -- tell htmldb engine to quit
  return false;
  EXCEPTION
  WHEN OTHERS THEN
  return false;
  END;
  </code>

• Session problem in ADF BC

  We have an application developed in Jdev 10.1.3.4 (JSP, Struts, ADF BC) and running on OAS. Now we have a big problem with session, hope somebody can help with some ideas.
  We set session time to 45 min in the web.xml. The problem is that sometimes some user work on a page with form,for instance performing some edit activity. If he/she leave the page open inactive for more than 45 minutes and come back from lunch, press the ’save’ button, the application would then commit the change to the wrong row in database, most probably the top row in the View Object(VO) instance. This is because the application module actually does a rollback when session expires, it loses all user data.(e.g. row currency in VO instance).
  To avoid saving wrong data to the wrong place, we implemented a session Filter(see att. Below: ApplicationSessionExpiryFilter.java) to catch session time-out and forward request to an error page alerting user that their session has expired due to long time of inactivity. The Filter works as it should but it gives another problem. If user already has one of our application page open for very long time and open another page in a new browser (e.g. click a link from an email), he/she will get session-expire error immediately in the new browser. I guess it is because the session in the first browser already expires and the newly opened the browser shares the same session with the first one. That is how browsers works, we can do nothing about it.
  But our users are of course not very happy about getting the session errors in a newly opened browser. So we tried implementing a heartbeat funtion in AJAX(see att. Below: Heartheat.html and Template.jsp) to keep the session alive until the page is closed. Basically what we do is adding an invisible div tag in every jsp page and invoke AJAX funtion to periodically update the div tag with a small html page. In this way, a request is being sent to the server every 5 minutes thus the session should be kept alive until the page/browser is closed.
  It sounds to us like a very logical solution but it doesn’t work very properly. We sometimes still get the session error page immediately after opening a new page while we have another page open for long time.
  Could anyone please help to look at our Filter and heatbeat funtion? Is there anything wrong with our Filter or the heartbeat? Why does the session still expire before we close the page?
  All we do here is to try to avoid the initial probelm with saving data after session and the application module expires. If anyone has a better solution to this problem, we would very much like to try. Appreciate if anyone can share some ideas!
  Thanks in advance!
  *1. ApplicationSessionExpiryFilter.java*
  public class ApplicationSessionExpiryFilter implements Filter {
  private FilterConfig _filterConfig = null;
  public void init(FilterConfig filterConfig) throws ServletException {
  _filterConfig = filterConfig;
  public void destroy() {
  _filterConfig = null;
  public void doFilter(ServletRequest request, ServletResponse response,
  FilterChain chain) throws IOException, ServletException {
  HttpServletRequest httpRequest = (HttpServletRequest)request;
  boolean sessionInvalid = false;
  if(httpRequest.getRequestedSessionId() != null) {
  if(!httpRequest.isRequestedSessionIdValid()) {
  if (!httpRequest.getRequestURI().endsWith("sessionExpired.do")) {
  sessionInvalid = true;
  if (sessionInvalid) {
  ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
  else {
  chain.doFilter(request, response);
  *2. Heartheat.html* (A small html page to be invoked by template.jsp periodically)
  <html>
  <head>
  <META Http-Equiv="Cache-Control" Content="no-cache, must-revalidate">
  <META Http-Equiv="Pragma" Content="no-cache">
  <META Http-Equiv="Expires" Content="Expires: Mon, 26 Jul 1997 05:00:00 GMT">
  </head>
  <body>
  heartbeat to keep session alive!
  </body>
  </html>
  *3. Template.jsp* (Template page to be extended by all jsp pages, invoke heart.html every 5 min)
  <Html>
  <body>
  <div id="heartbeat" style="display:none">
  </div>
  <script type="text/javascript" language="javascript">
  new Ajax.PeriodicalUpdater('heartbeat','jsp/template/heartbeat.html',{ method: 'post', frequency: 300, decay: 1 }); // update heartbeat.html every 300 sec(5min)
  </script>
  </body></html>

  Hi Shay,
  Reviewing ADFContex methods it seems that this object shouldn't be accessible from BC. Example:
  public static ADFContext initADFContext(java.lang.Object context,
                                          java.lang.Object session,
                                          java.lang.Object request,
                                          java.lang.Object response)
      Initializes the ADFContext for the environment of the specified context.
      Parameters:
          context - the ServletContext or PortletContext of the current execution environment.
          session - the HttpSession or PortletSession of the current execution environment. OPTIONAL.
          request - the HttpServletRequest or PortletRequest of the current execution environment. OPTIONAL.
          response - the HttpServletResponse or PortletResponse of the current execution environment. OPTIONAL.
      Returns:
          the ADFContext that was current when init was invoked. Should be passed back to resetADFContext after the block requiring the ADFContext has completed.Kuba

• Session problem in one out of two jsp

  Dear java guru's
  I have got jsp page A.jsp.User select few option and this jsp calls
  B.servlet this takes user input and pass to
  C.bean which returns vector to B.servlet
  This servlet put vector in session and dispatch to new jsp
  D.jsp which calls
  E.jsp in it for Image generation.
  This E.jsp retrieve vector from session and generate a image and reurn to D.jsp
  Now my problem is that session in B.servlet and D.jsp are same but a new session in created in E.jsp so image is null as it could get data from vector which is null.
  I put System.out.println(session.getId()) in each servlet and jsp so to get thier ID's.
  This is working fine in my system with Tomcat 3.2 but on web the new session is created for E.jsp
  I am calling E.jsp like this
  <img src=<%=response.encodeURL("/iscap/report/jspChart.jsp")%> alt="generation image" width="400" height="350" border="1">
  I am making page session=true in each jsp and also puttting request.getSession(false);
  but still E.jsp is getting new session.I tried eliminating each one and made all combination that could be possible but not effect.
  How Can I solve this problem on the web where I have to load this?
  Do I have to make setting in context .
  payal sharma

  Hi,
  If you have been using jspChart v 1.00 :
  As shown in the modified , attached PPT :
  I will be displaying a bar chart. The length of bar chart is obatined from Sybase database. This chart should be dynamically created depending on the value on
  the database and x -axis is exponential.
  This will be displayed on a HTML page.
  1. I want to know whether,the values can be obtained the values from Sybase database ?
  If so, what are the changes.
  2. can you tell me the steps to install and run the jspchart v 1.00 on Jrun or any server please.
  Any thing else, I need to install like SAX , JCLARK. I am getting errors in this. PL HELP.
  3. Is it possible to plot "Exponential values" in the Y-axis. like 0 - 100- 1000 - 10000 - 100000
  and the length of the Bar should automaticall be coloured till that Point as shown in the Power point attached.
  If not, any suggestions to use any other software.
  Thanks in advance.
  [email protected]

• Sessions problem when deploying to AS 10g (10.1.2.0.2)

  Hello,
  I have a very simple Web Application where I have isolated an issue I have found. The application works fine when executed in JDeveloper 10g (10.1.2.2) but it does not work when deployed in the AS 10g (10.1.2.0.2). My Platform is Windows XP Professional x64.
  The application has been created in JDeveloper (New &gt;&gt; Web Project) and contains:
  - a simple jsp page (main.jsp) displaying a dummy message,
  - a simple filter class (authFilter.java) which only has the following code in the doFilter method:
  HttpServletRequest hreq = (HttpServletRequest)request;
  System.out.println("*** session id = " + hreq.getSession().getId());
  System.out.println("*** requested session id = " + hreq.getRequestedSessionId());
  - a web deployment descriptor (web.xml) where the reference to the filter has been added:
  &lt;filter&gt;
  &lt;filter-name&gt;Filter1&lt;/filter-name&gt;
  &lt;filter-class&gt;myfilters.authFilter&lt;/filter-class&gt;
  &lt;/filter&gt;
  &lt;filter-mapping&gt;
  &lt;filter-name&gt;Filter1&lt;/filter-name&gt;
  &lt;url-pattern&gt;*.jsp&lt;/url-pattern&gt;
  &lt;/filter-mapping&gt;
  When running this inside JDeveloper, the output is the following:
  08/12/09 17:54:03 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
  08/12/09 17:54:03 *** requested session id = null
  08/12/09 17:54:08 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
  08/12/09 17:54:08 *** requested session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
  08/12/09 17:54:10 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
  08/12/09 17:54:10 *** requested session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
  Each time I reload the page in the browser I get two messages where the session id and the requested session id are equal and the same.
  However, when running the application inside the AS, the output is the following (taken from the opmn/logs/OC4J~my_component~default_island~1):
  08/12/09 17:56:58 *** session id = ac16322030d6da9410e6348449449a4cf1f0e65956cf
  08/12/09 17:56:58 *** requested session id = null
  08/12/09 17:57:01 *** session id = ac16322030d6bc42fa22332e41818aa6ece1fd371361
  08/12/09 17:57:01 *** requested session id = null
  08/12/09 17:57:02 *** session id = ac16322030d60895af4c8cc44aef9ff6e6e3b3fd2e04
  08/12/09 17:57:02 *** requested session id = null
  That is, each time the page is reloaded, a new session is created.
  This problem is actually blocking me since I would like to use the session to store some data used for authentication in the filter (dynamic credentials). As a new session is being created for each access, the data stored in the session is lost and users cannot log on the application.
  Thank you in advance,
  Jorge.
  Edited by: Jorge Pacios on 10-dic-2008 0:31
  Platform information added.

  It couldn't be such difficult.
  I have the jar's, the drivers in, the jdbc url connection as
  url="jdbc:oracle:thin:[USERNAME/PASSWORD]@IP:PORT:SID"/>
  Also I can connect via sqlplus with this string conn.
  The main error I get is
  "Cannot lookup jdbc datasource.
  The process domain was unable to lookup the TX datasource "jdbc/BPELServerDataSource"."

• Session problem in servlet??

  hello,
  i have made a simple shopping cart which goes through the
  following stage:
  1st stage:
  // Additions to the shopping cart
  HttpSession clientSession = request.getSession( true );
  ShoppingCart vBasket = (ShoppingCart)clientSession.getValue("thecart");
  if ( vBasket == null ){
  System.out.println("NO CART");
  vBasket = new ShoppingCart();
  clientSession.putValue("thecart", vBasket);
  System.out.println("MADE THE CART");
  vBasket.add(the_item);
  // at this stage, the items are being added to a hashtable
  2nd stage:
  HttpSession clientSession = request.getSession(false);
  System.out.println("GOT THE SESSION");
  ShoppingCart vBasket = (ShoppingCart)clientSession.getValue("thecart");
  if ( vBasket == null ){
  System.out.println("CART HASN'T BEEN MADE!!");
  throw new Exception();
  // At this stage, the object of the ShoppingCart class still has null value even if in the existing session the ShoppingCart has been made at stage 1. Any idea why this is happening??
  thanks
  Richard

  i believe that if u declare the writer before u get the session you may have problem like yours (happened to me). so make sure to get the session before instantiate your (response)writer.

• User self registration  - session problem?

  I have created a form which lets users register by themselves.
  The form calls a stored procedure which creates the user - sofar
  everything works ok. At the very end of the procedure I want to
  automatically login the user and direct him to the main page.
  That fails with a 'Page not found' error in the browser.
  i have done a lot of debugging and everything looks ok, the user
  is created. I can log in as the new user if I close the browser
  and restart it. I suspect I loose the session because the
  procedure that creates the user uses a set_context call to be
  able to work:
  portal30.wwctx_api.set_context(p_user_name
  => 'PORTAL30',
  p_password
  => 'PORTAL30');
  foo := wwsec_api.add_portal_user(p_user_name =>
  username,
  p_first_name =>
  first_name,
  p_last_name =>
  last_name,
  p_work_phone =>
  phone,
  p_organization =>
  organization,
  p_db_user => null,
  p_portal_user
  => 'Y');
  portal30.wwctx_api.clear_context;
  (I have a clear_context which I hoped should take me back to the
  original session)
  At the very end of the registration procedure I call the login
  function to log in the user:
  portal30.wwptl_login.login_url(ssousername =>
  username,
  password => password,
  p_requested_url =>
  url,
  p_cancel_url
  => 'http://myserver.com/');
  The browser is taken to this URL:
  http://myserver.com/pls/portal30/!
  PORTAL30.wwa_app_module.accept
  and the following error message is shown in the browser:
  Page Not Found...
  Anyone got any idea what might be the problem and what to do
  about it, or how to debug it???

  I managed to grant execute on the package using SQL/Plus as you
  suggested - but I'm still having problems. Using the following
  code:
  portal30.wwctx_api.set_context(p_user_name => 'PORTAL30',
       p_password => 'PORTAL30');
  my_special_procedure;
  portal30.wwctx_api.clear_context;
  -- Create a new session for the user
  portal30.WWCTX_SSO.clear_sso_session(sess_id);
  v_sess_id := portal30.WWCTX_SSO.set_sso_session(
  p_user_name => username,
  p_db_user => username,
  p_nls_language => 'us',
  p_http_language => 'en',
  p_nls_territory => null,
  p_trans_language => null,
  p_start_time => sysdate,
  p_active => 1,
  p_ip_address => v_ip_address,
  p_id => null,
  p_is_logged_on => false);
  No luck - no pages can be viewed. Have to restart the browser to
  get back to portal.
  I've also played around with some other functions in the
  WWCTX_SSO package, like create_session, but still no luck.

• JSF & Tomcat 5 session problems

  I am implemeting a web application using JSF and tomcat authentication. The problem is that tomcat is losing the session when I hit refresh on any of the pages which are marked as havign a security constraint.
  e.g. you go to index.html -> takes you to login.jsp (as you need to log in first), you log in successfuly and go to index.html, you hit refresh and get taken back to login.jsp.
  Any help would be much appreciated.
  If anyone has implementign an app using tomcat authentication and jsf, I would be grateful if they could tell me how they are managing to overcome this issue.

  I have a similar question, but not about session timeout, but managing the data within your session. In our previous homegrown JSP Model 2 Framework, we had various methods in place to cleanup the session for a page (essentially allowing you to cleanup the managed beans after you were done with a page). Due to constant activity, the sessions never timeout, but there is "dead" data in the session. How would you do this in JSF? For example, lets say you go through a wizard set of screens, where once complete, you don't want the managed beans to exist in the session anymore. Where would you tap into the JSF lifecycle to do this?
  Thanks in advance,
  Dave