False authentication sessions problem
Hello,
I observe undesirable behavior of my Cisco 3560 switches, which keep authentication sessions for devices that are currently not connected to the network.
To be precise, I mean the sessions relating to devices that haven't been successfully authenticated, and as a result the switch is trying to re-authenticate them. The problem shows up when the device is no longer connected to the network, but the switch is still keeping that authentication session (ineffectively trying to authenticate a device that is no longer connected).
For example, int fa0/37: 6 devices are connected on that interface, while there are 36 current authentication sessions:
SW1#sh clock
16:54:10.793 CEST Fri Jun 7 2013
SW1#sh mac add int Fa0/37
Mac Address Table
Vlan Mac Address Type Ports
82 0012.3fb9.5b3f STATIC Fa0/37
82 28d2.4408.0f31 DYNAMIC Fa0/37
82 28d2.4408.10d9 DYNAMIC Fa0/37
82 28d2.4408.1440 DYNAMIC Fa0/37
82 28d2.4408.39dc DYNAMIC Fa0/37
82 6cf0.4929.4aa8 DYNAMIC Fa0/37
Total Mac Addresses for this criterion: 6
SW1#sh auth sess | i 0/37
Fa0/37 f0de.f15f.3332 N/A DATA Authz Failed 0ACA022A000004751725F612
Fa0/37 28d2.4401.8591 N/A DATA Authz Failed 0ACA022A000005AE9C6AB46B
Fa0/37 0024.1dab.5943 N/A DATA Authz Failed 0ACA022A0000008B630B988D
Fa0/37 0024.1d0b.bd9d dot1x DATA Running 0ACA022A000005867DC8BA06
Fa0/37 28d2.4408.0f31 dot1x DATA Running 0ACA022A000005C2AC8D0728
Fa0/37 f0de.f152.2266 N/A DATA Authz Failed 0ACA022A000000DE8CD63254
Fa0/37 0021.86ff.b4f2 N/A DATA Authz Failed 0ACA022A000005495F07FBBD
Fa0/37 f04d.a251.6135 mab DATA Authz Failed 0ACA022A0000043D0D549EA9
Fa0/37 28d2.4408.1440 dot1x DATA Running 0ACA022A000005C1AC8CD8D3
Fa0/37 0021.ccd8.095c dot1x DATA Running 0ACA022A000004781740E560
Fa0/37 5cf9.dd41.6a35 mab DATA Authz Failed 0ACA022A0000044E11EA7A95
Fa0/37 0012.3fb9.5b3f dot1x DATA Authz Success 0ACA022A0000003924E5D007
Fa0/37 5cf9.dd41.6c06 mab DATA Authz Failed 0ACA022A0000044F11EF1A3B
Fa0/37 0021.cc6e.3db3 dot1x DATA Running 0ACA022A000004A921E704A2
Fa0/37 0021.ccd0.1487 N/A DATA Authz Failed 0ACA022A00000479175405FF
Fa0/37 0021.ccd7.e67f dot1x DATA Running 0ACA022A0000055E6012F3D3
Fa0/37 28d2.4407.209d N/A DATA Authz Failed 0ACA022A0000045012089F38
Fa0/37 0011.4302.d91b N/A DATA Authz Failed 0ACA022A000004A721363771
Fa0/37 28d2.4408.10d9 dot1x DATA Running 0ACA022A000005C0AC8CAB1D
Fa0/37 0013.72ca.549e N/A DATA Authz Failed 0ACA022A0000009F6D129B84
Fa0/37 28d2.4406.28e2 N/A DATA Authz Failed 0ACA022A00000376D9E4E000
Fa0/37 0024.7e10.ef3a N/A DATA Authz Failed 0ACA022A0000003B254891A7
Fa0/37 0026.1823.fa2f dot1x DATA Running 0ACA022A000000D3872D60E0
Fa0/37 3c97.0e83.f722 N/A DATA Authz Failed 0ACA022A000003DFE8AB9EB6
Fa0/37 70f3.9513.c315 dot1x DATA Running 0ACA022A0000050540434445
Fa0/37 6cf0.4929.4aa8 N/A DATA Authz Failed 0ACA022A0000003A24E64567
Fa0/37 001d.7284.4cae dot1x DATA Running 0ACA022A0000008C63D0E95F
Fa0/37 70f3.9513.c420 N/A DATA Authz Failed 0ACA022A00000103B00B97CC
Fa0/37 28d2.4408.39dc dot1x DATA Running 0ACA022A000005C3AC8D33D2
Fa0/37 0013.72b8.ec0b dot1x DATA Running 0ACA022A0000056D695D4C5D
Fa0/37 5cf9.dd41.6c80 mab DATA Authz Failed 0ACA022A000004360D108AA4
Fa0/37 000f.1fe4.6f9f N/A DATA Authz Failed 0ACA022A000000E39161ABC9
Fa0/37 001e.3736.9a6a N/A DATA Authz Failed 0ACA022A000004831C16033E
Fa0/37 0024.7eda.ab58 N/A DATA Authz Failed 0ACA022A0000030ED4955421
Fa0/37 28d2.4402.4bbf N/A DATA Authz Failed 0ACA022A0000005139D52E1E
Fa0/37 0018.8b0c.7882 N/A DATA Authz Failed 0ACA022A000004CC30DD0119
SW1#sh clock
16:54:21.891 CEST Fri Jun 7 2013
SW1#
Only the "clear authentication sess session-id …" executed for that "hanging" session causes its removal:
SW1#clear auth sess sess 0ACA022A000004CC30DD0119
SW1#clear auth sess sess 0ACA022A0000005139D52E1E
SW1#clear auth sess sess 0ACA022A0000030ED4955421
SW1#clear auth sess sess 0ACA022A000004831C16033E
SW1#clear auth sess sess 0ACA022A000000E39161ABC9
SW1#sh auth sess | i 0/37
Fa0/37 f0de.f15f.3332 N/A DATA Authz Failed 0ACA022A000004751725F612
Fa0/37 28d2.4401.8591 N/A DATA Authz Failed 0ACA022A000005AE9C6AB46B
Fa0/37 0024.1dab.5943 N/A DATA Authz Failed 0ACA022A0000008B630B988D
Fa0/37 0024.1d0b.bd9d N/A DATA Authz Failed 0ACA022A000005867DC8BA06
Fa0/37 28d2.4408.0f31 dot1x DATA Running 0ACA022A000005C2AC8D0728
Fa0/37 f0de.f152.2266 N/A DATA Authz Failed 0ACA022A000000DE8CD63254
Fa0/37 0021.86ff.b4f2 N/A DATA Authz Failed 0ACA022A000005495F07FBBD
Fa0/37 f04d.a251.6135 mab DATA Authz Failed 0ACA022A0000043D0D549EA9
Fa0/37 28d2.4408.1440 dot1x DATA Running 0ACA022A000005C1AC8CD8D3
Fa0/37 0021.ccd8.095c dot1x DATA Running 0ACA022A000004781740E560
Fa0/37 5cf9.dd41.6a35 mab DATA Authz Failed 0ACA022A0000044E11EA7A95
Fa0/37 0012.3fb9.5b3f dot1x DATA Authz Success 0ACA022A0000003924E5D007
Fa0/37 5cf9.dd41.6c06 mab DATA Authz Failed 0ACA022A0000044F11EF1A3B
Fa0/37 0021.cc6e.3db3 dot1x DATA Running 0ACA022A000004A921E704A2
Fa0/37 0021.ccd0.1487 dot1x DATA Running 0ACA022A00000479175405FF
Fa0/37 0021.ccd7.e67f dot1x DATA Running 0ACA022A0000055E6012F3D3
Fa0/37 28d2.4407.209d dot1x DATA Running 0ACA022A0000045012089F38
Fa0/37 0011.4302.d91b N/A DATA Authz Failed 0ACA022A000004A721363771
Fa0/37 28d2.4408.10d9 dot1x DATA Running 0ACA022A000005C0AC8CAB1D
Fa0/37 0013.72ca.549e N/A DATA Authz Failed 0ACA022A0000009F6D129B84
Fa0/37 28d2.4406.28e2 dot1x DATA Running 0ACA022A00000376D9E4E000
Fa0/37 0024.7e10.ef3a N/A DATA Authz Failed 0ACA022A0000003B254891A7
Fa0/37 0026.1823.fa2f dot1x DATA Running 0ACA022A000000D3872D60E0
Fa0/37 3c97.0e83.f722 N/A DATA Authz Failed 0ACA022A000003DFE8AB9EB6
Fa0/37 70f3.9513.c315 dot1x DATA Running 0ACA022A0000050540434445
Fa0/37 6cf0.4929.4aa8 N/A DATA Authz Failed 0ACA022A0000003A24E64567
Fa0/37 001d.7284.4cae dot1x DATA Running 0ACA022A0000008C63D0E95F
Fa0/37 70f3.9513.c420 N/A DATA Authz Failed 0ACA022A00000103B00B97CC
Fa0/37 28d2.4408.39dc dot1x DATA Running 0ACA022A000005C3AC8D33D2
Fa0/37 0013.72b8.ec0b dot1x DATA Running 0ACA022A0000056D695D4C5D
Fa0/37 5cf9.dd41.6c80 mab DATA Authz Failed 0ACA022A000004360D108AA4
SW1#sh clock
17:08:54.372 CEST Fri Jun 7 2013
SW1#
SW1#sh ver
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 28-Jan-13 10:10 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02D00000
Could anyone tell me what is the reason for that switch behavior and what needs to be done to prevent that kind of situation?
I also use Identity Service Engine 1.1.1 and 802.1x authentication. "sh dot1x interface fa0/37 details" in attachment.
If you need anything, don’t hesitate to ask me, please.
I would sincerely appreciate your consideration of this matter.
Best regards!
Hello Richard,
thank you so much for replying.
Actually all the switches are configured as follows:
interface FastEthernet0/37
switchport access vlan 18
switchport mode access
switchport nonegotiate
switchport voice vlan 24
qos trust dscp
authentication event fail action next-method
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
auto qos voip trust
dot1x pae authenticator
tx-queue 3
priority high
shape percent 33
spanning-tree portfast
service-policy output autoqos-voip-policy
Is there something wrong with the port config?
Looking forward to hearing from you.
Regards!
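The comparison the first post makes by eye, as an added Python example (not part of the original thread): it parses "sh mac add int" and "sh auth sess" output, lists the sessions on a port whose MAC address is absent from the MAC table, and builds the matching clear commands. The function names are made up for this example, the sample input is an excerpt of the output posted above, and treating "absent from the MAC table" as "not connected" is the post's own assumption, so review the list before clearing anything.

```python
import re

# Excerpts of the CLI output posted above (SW1, Fa0/37). Whitespace is
# collapsed exactly as it appears in the post; prompts and headers are kept
# to show that non-data lines are skipped.
MAC_TABLE = """\
SW1#sh mac add int Fa0/37
Mac Address Table
Vlan Mac Address Type Ports
82 0012.3fb9.5b3f STATIC Fa0/37
82 28d2.4408.0f31 DYNAMIC Fa0/37
82 28d2.4408.10d9 DYNAMIC Fa0/37
82 28d2.4408.1440 DYNAMIC Fa0/37
82 28d2.4408.39dc DYNAMIC Fa0/37
82 6cf0.4929.4aa8 DYNAMIC Fa0/37
Total Mac Addresses for this criterion: 6
"""

SESSIONS = """\
SW1#sh auth sess | i 0/37
Fa0/37 f0de.f15f.3332 N/A DATA Authz Failed 0ACA022A000004751725F612
Fa0/37 28d2.4408.0f31 dot1x DATA Running 0ACA022A000005C2AC8D0728
Fa0/37 f04d.a251.6135 mab DATA Authz Failed 0ACA022A0000043D0D549EA9
Fa0/37 0012.3fb9.5b3f dot1x DATA Authz Success 0ACA022A0000003924E5D007
Fa0/37 6cf0.4929.4aa8 N/A DATA Authz Failed 0ACA022A0000003A24E64567
Fa0/37 0021.cc6e.3db3 dot1x DATA Running 0ACA022A000004A921E704A2
Fa0/37 0018.8b0c.7882 N/A DATA Authz Failed 0ACA022A000004CC30DD0119
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# vlan, mac, type, port
MAC_ROW = re.compile(rf"^\s*(\d+)\s+({MAC})\s+(\S+)\s+(\S+)\s*$", re.I)
# interface, mac, method, domain, status (one or two words), 24-hex session id
SESSION_ROW = re.compile(
    rf"^\s*(\S+)\s+({MAC})\s+(\S+)\s+(\S+)\s+(.+?)\s+([0-9A-F]{{24}})\s*$", re.I
)


def learned_macs(mac_table_text, interface):
    """MAC addresses the switch currently has in its table for one port."""
    macs = set()
    for line in mac_table_text.splitlines():
        m = MAC_ROW.match(line)
        if m and m.group(4).lower() == interface.lower():
            macs.add(m.group(2).lower())
    return macs


def parse_sessions(sessions_text):
    """Turn each session row into a dict; prompts and headers are ignored."""
    rows = []
    for line in sessions_text.splitlines():
        m = SESSION_ROW.match(line)
        if m:
            intf, mac, method, domain, status, sid = m.groups()
            rows.append({"interface": intf, "mac": mac.lower(), "method": method,
                         "domain": domain, "status": status, "session_id": sid})
    return rows


def stale_sessions(mac_table_text, sessions_text, interface, failed_only=False):
    """Sessions on `interface` whose MAC is not in the MAC table.

    Assumption (the post's, not a guarantee): a MAC missing from the table
    means the device is no longer connected. failed_only=True narrows the
    result to 'Authz Failed' rows, the ones the post complains about.
    """
    present = learned_macs(mac_table_text, interface)
    stale = []
    for s in parse_sessions(sessions_text):
        if s["interface"].lower() != interface.lower():
            continue
        if s["mac"] in present:
            continue
        if failed_only and s["status"] != "Authz Failed":
            continue
        stale.append(s)
    return stale


def clear_commands(sessions):
    """One 'clear authentication sessions session-id' line per session."""
    return [f"clear authentication sessions session-id {s['session_id']}"
            for s in sessions]


if __name__ == "__main__":
    candidates = stale_sessions(MAC_TABLE, SESSIONS, "Fa0/37", failed_only=True)
    for s in candidates:
        print(f"{s['interface']} {s['mac']} {s['method']} {s['status']}")
    print("\n".join(clear_commands(candidates)))
```
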
Similar Messages
-
Authentication Session Problem in iPAD
Hi!
I'm facing a very strange problem with Wifi authentication on iPAD. When I start my iPAD, it detects the network correctly, gets IP and other info using DHCP and, as set up in my environment, a page asking the user to authenticate is pushed to the user. We enter user name and password and it starts working. However, within 3-5 minutes, the same authentication page reappears as if the WiFi connection got dropped. After a good amount of work on the issue I'm almost sure that the issue is not with APs and other parts of my infrastructure, as all other devices work fine. My WiFi authentication is controlled by a UTM - "Cyberoam" which has been in use for roughly ~5 years on a network comprising more than ~2500 machines. Just to be sure myself, I even tried replacing the Cisco APs with Ruckus.
I tried upgrading my iPAD OS from 3.3.3 to 4.3.2. Having failed to get the expected result, I restored my iPAD as well. However, the problem remains unsolved.
Removing the authentication on the WiFi segment makes the connection work smoothly!!
Any clues?
Hi,
If you have been using jspChart v 1.00 :
As shown in the modified , attached PPT :
I will be displaying a bar chart. The length of the bar chart is obtained from a Sybase database. This chart should be dynamically created depending on the value in
the database and the x-axis is exponential.
This will be displayed on an HTML page.
1. I want to know whether the values can be obtained from the Sybase database.
If so, what are the changes?
2. Can you tell me the steps to install and run jspChart v 1.00 on JRun or any server, please?
Is there anything else I need to install, like SAX or JCLARK? I am getting errors in this. PL HELP.
3. Is it possible to plot "exponential values" on the Y-axis, like 0 - 100 - 1000 - 10000 - 100000,
and the length of the bar should automatically be coloured till that point as shown in the PowerPoint attached.
If not, any suggestions to use any other software.
Thanks in advance.
-
IP address unknown "show authentication session interface"
Hi,
I have the following issue:
Several hosts on a specific VLAN cannot reach a VNC server which is located in the same VLAN. All the ports are running 802.1X and hosts are authenticated based on certificate.
The hosts that have the issue are always authenticated with success and a "show authentication session interface <INT-NAME>" shows the following output for a client:
SWl#sh authentication sessions interface g1/0/42
Interface: GigabitEthernet1/0/42
MAC Address: 4437.e668.9896
IP Address: Unknown
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0000000000000AA09F7A3843
Acct Session ID: 0x00000CD7
Handle: 0x2D000AA0
The server:
SW#sh authentication sessions interface g2/0/43
Interface: GigabitEthernet2/0/43
MAC Address: 4437.e68a.4048
IP Address: 10.10.10.254
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 00000000000008DC576F3B64
Acct Session ID: 0x000009CB
Handle: 0x200008DC
If I do a "clear authentication sessions interface g1/0/42" on one of the client ports, then the IP address is not unknown anymore:
SW#sh authentication sessions interface g1/0/42
Interface: GigabitEthernet1/0/42
MAC Address: 4437.e668.9896
IP Address: 10.10.10.20
Status: Authz Success
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Authorized By: Authentication Server
Vlan Policy: 100
Session timeout: N/A
Idle timeout: N/A
Common Session ID: 0000000000000E63AA195FED
Acct Session ID: 0x000010A6
Handle: 0x92000E63
Then the client can connect to the server without any issues. Does anyone have a solution to fix this issue?
All ports are configured the same (client and server) and DHCP snooping is running for the authenticated VLAN (100):
interface GigabitEthernet1/0/42
switchport access vlan 999
switchport mode access
switchport nonegotiate
switchport block multicast
switchport block unicast
switchport port-security maximum 4
switchport port-security
switchport port-security violation restrict
ip arp inspection limit rate 50
authentication host-mode multi-domain
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 5
storm-control broadcast level 5.00
storm-control action shutdown
no vtp
ip dhcp snooping limit rate 50
Platform: cisco WS-C3750X-48P
IOS: c3750e-universalk9-mz.122-55.SE3.bin
Authentication Server: Cisco ISE
Best regards,
Laurent
Hi Tarik,
Is this command used in combination with dot1x? The switch is running DHCP snooping so the MAC/IP/VLAN should already be present in the DHCP snooping database, no?
I would like to understand what is causing the problem and how this command can solve it.
Regards,
Laurent -
Checkbox for authenticated sessions missing in 3.6.3
I am a tech support person for users of Blackboard CE8, an online learning management system. We have told users of earlier Firefox versions to "Clear Private Data" and then check a box for authenticated sessions in order to enable certain features of Blackboard. Now, it's "Clear Recent History" which I've done (again and again). There is nothing in 3.6.3 that pertains directly to "authenticated sessions." What, then, is the troubleshooting step in 3.6.3 that is *equivalent* to checking the box for authenticated sessions?
We ran this solution past the user with this problem, and it didn't take. We also tried these steps to ream out Java on the user's computer. (See the list of steps below). It still didn't take.
1. With no programs open, remove all versions of Java: Go to the Start menu, and choose Control Panel.
2. Open Add/Remove Programs (for Windows XP) or Uninstall Program (for Windows VISTA)
3. Remove ALL instances of Java.
4. Close all windows.
5. Install current version of Java: go to http://www.java.com/en/download/manual.jsp
6. Click the link Windows 7/XP/Vista/2000/2003/2008 Online ( http://javadl.sun.com/webapps/download/AutoDL?BundleId=39502 )
7. Choose Run and follow instructions to install Java.
8. After installation, open Firefox and go to your course.
9. Be sure that popups are enabled in your browser or disable your popup blocker.
10. If you receive a Security Alert popup window, choose "Always trust content from this publisher" and then press Run.
11. You can now try to browse your computer to add an attachment, to see if you can see the My Files icon.
We have since advised the user to try using Internet Explorer 8, which is certified for use with Blackboard CE8. This is clearly not a desirable option from a Firefox perspective. -
Java Session problem while sending mail(using javamail) using Pl/SQL
Hello ...
I am using a Java stored procedure to send mail, but I'm getting a Java session problem, meaning I can execute that procedure only once.
Pls, any help.
props.put("smtp.gmail.com",host);
I doubt javamail recognizes the 'smtp.gmail.com' property. I think it expects 'mail.host'. Of course, since it cannot find a specified host it assumes localhost by default.
Please format your code when you post the next time, there is a nice 'code' button above the post area.
Mike -
Session problem in jsp application
I face a session problem. I am setting everything in a session, and when I pass back to a main page, the value is not displayed on the screen. But after a refresh the value is displayed on the screen. This kind of problem only comes up very few times and I don't know how to solve it...
Can anyone here give me some idea or suggestion of a way to solve this kind of problem!!!
define "2 different clients"
1) You have 2 different PCs and it's using the same session ID for both? I doubt this. I think the server is advanced enough not to give out a session ID that's already been created.
2) You have 1 PC and are using IE or Netscape and using File > New Window to open a new window and connect again. This you can't fix without using only URL rewriting to manage session, because the different windows will share the same session cookies. -
Multiple browsers open causes authentication or session problems
Hi Folks,
I have a strange problem. It's strange to me in any case as I'm primarily a back-end guy so I am not an expert on some of the web features of APEX. I have built an application that accesses many remote databases through database links. I open 4 instances of IE6, each is handed a separate session id as can be seen in the url. The user provides the db name, user and password in the login page. I authenticate by creating a custom auth procedure which creates a temporary database link to test whether the user and password provided are correct for the chosen database. If correct, I authenticate. With 4 instances, this all works fine. Then I'm redirected to the first page in my application which runs a query against the remote database selected at login (table@db_link). If I hit the button to submit the query on the 4 browsers, the 4th one reverts me to the login page as if I am not authenticated. This does not seem to happen if I open 4 browsers on 4 different computers all accessing the APEX application.
Has anyone experienced similar issues or does anyone know if there is some limit on how many sessions from the one computer can be handled? I thought initially that it might have been an issue with some spfile parameters but I'm thinking now that it must be either how APEX handles requests from the same machine or some network/http issue. As I said, when it comes to http sessions etc, I am no guru!!
Thanks for any help!
Sounds like those browser windows are using the same OS process. Did you start them with CTRL-N? Try starting them from the Start menu. If they aren't using separate processes they'll share cookies and that would result in the kinds of things you described.
Scott -
I am having a problem with getSession(false) method. For some reason
when I do this:
doGet(.....){
    HttpSession tmpsession = req.getSession(false);
    RequestDispatcher dpatch =
        this.getServletContext().getRequestDispatcher("/welcome.jsp");
    dpatch.forward(req, res);
}
Even if tmpsession is null, my web browser tells me that the servlet is
trying to set a cookie. But the problem is that if I do accept the
cookie, next time I tried to access the same page, the servlet thinks
that there is already a session.
Has anyone seen this problem?
James Yuan Direct: 415-399-7274
Weblogic can be configured to automatically create a session. Check your properties file
for the value of weblogic.httpd.session.enable. If set to true, a session will be
automatically created for the user.
Guy
James Yuan <[email protected]> wrote:
> I am having a problem with getSession(false) method. For some reason
> when I do this:
> doGet(.....){
> ...
> HttpSession tmpsession = req.getSession(false);
> .....
> ....
> RequestDispatcher dpatch =
> this.getServletContext().getRequestDispatcher("/welcome.jsp");
> dpatch.forward(req, res);
> }
> Even if tmpsession is null, my web browser tells me that the servlet is
> trying to set a cookie. But the problem is that if I do accept the
> cookie, next time I tried to access the same page, the servlet thinks
> that there is already a session.
> Has anyone seen this problem?
> --
> /-----------------------------------------\
> James Yuan Direct: 415-399-7274
-
Authentication & Session Management questions
Hi. Apex 2.2.1. I'm going crazy trying to set up authentication for my application. I'd appreciate any pointers. My scenario is
Siteminder intercepts all calls to the application
User authenticates with Siteminder
If authenticated, Siteminder sets HTTP_SM_USER in the header
If not authenticated, then APEX is never called
Pull the user out of the header
Create a session if needed
Log the user in if needed
Redirect the user to the request page
I've followed the example that I've found in the forum and set up a page sentry function to create a session when the user first comes in. After that I try to verify that the session belongs to them. That's not working because wwv_flow_custom_auth_std.get_username never returns a value. I think that's because I'm not logging the user in to APEX. I can't figure out the difference between wwv_flow_custom_auth_std.post_login and wwv_flow_custom_auth_std.login. (it probably doesn't help that I inherited the application from some consultants that left a year ago and there is no documentation on it or even APEX here at my site).
Mike
Thanks, Scott. The problem is that it seems to keep looping. You can see from the log that it creates the session, then invalidates it, then creates it, etc.
Mike
debug log
384 1000 Enter 604 - 1 user MDHENDER session NOT valid
384 4000 session is NOT valid
384 4100 dn_network_id is acct\mdhender
384 5000 creating a new session
384 5010 created new session
384 6000 setting up follow up url
384 6010 follow up url is 604:1:
384 7000 register new session
384 7010 registered session
384 9000 clean exit
385 1000 Enter 604 - 1 user MDHENDER session valid
385 3000 session is valid 1707655438517376
385 3010 authenticated user MDHENDER cookie
385 3100 marker
385 3200 marker
386 1000 Enter 604 - 1 user MDHENDER session NOT valid
386 4000 session is NOT valid
386 4100 dn_network_id is acct\mdhender
386 5000 creating a new session
386 5010 created new session
386 6000 setting up follow up url
386 6010 follow up url is 604:1:
386 7000 register new session
386 7010 registered session
386 9000 clean exit
387 1000 Enter 604 - 1 user MDHENDER session valid
387 3000 session is valid 2743127946937676
387 3010 authenticated user MDHENDER cookie
387 3100 marker
387 3200 marker
Here is the code
<code>
CREATE OR REPLACE FUNCTION lmf_siteminder_page_sentry RETURN BOOLEAN IS
vAuthenticatedUsername VARCHAR2(512);
vCurrentSessionId NUMBER;
vDeclaredUser VARCHAR2(512);
vLogFlag VARCHAR2(1);
vMaxIdleMinutes NUMBER := 15;
vNextPage VARCHAR2(1024);
vTransNo NUMBER;
PROCEDURE log_msg(vFlag in varchar2,
vTransNo in number,
vSeqNo in number,
vMessage in varchar2) is
pragma autonomous_transaction;
BEGIN
IF vFlag = 'Y' THEN
insert into sm_debug_log
(transno, seqno, msg)
values
(vTransNo, vSeqNo, vMessage);
commit;
END IF;
EXCEPTION
WHEN OTHERS THEN
rollback;
raise;
END;
-- determine if the siteminder user is authorized
FUNCTION CheckAuthorizedUser(vUserName in varchar2) return boolean is
vDeclaredUser VARCHAR2(512);
BEGIN
-- verify that the user is supposed to have access to the application.
-- a quick check of the authorized users table will settle that question
select dn_network_id
into vDeclaredUser
from user_authorization
where UPPER(network_id) = UPPER(vUserName);
return true;
EXCEPTION
WHEN OTHERS THEN
return false;
END;
-- if the session cookie's user matches our authenticated user then
-- return true
FUNCTION CheckCookieUser(vUserName in varchar2) return boolean is
BEGIN
IF vAuthenticatedUsername = wwv_flow_custom_auth_std.get_username THEN
return true;
END IF;
return false;
END;
FUNCTION URLRedirect(vUrl IN varchar2) return boolean is
BEGIN
log_msg(vLogFlag, vTransNo, 9999, 'redirect => ' || vUrl);
owa_util.redirect_url(vUrl, true);
wwv_flow.g_unrecoverable_error := true;
return false;
END;
BEGIN
BEGIN
select debug, sm_seq_no.nextval
into vLogFlag, vTransNo
from sm_settings;
EXCEPTION
WHEN OTHERS THEN
vLogFlag := 'N';
END;
-- get authenticated user from siteminder. APEX may expect it
-- to be upper case
vAuthenticatedUsername := UPPER(lmf_siteminder_user());
IF wwv_flow_custom_auth_std.is_session_valid THEN
log_msg(vLogFlag,
vTransNo,
1000,
'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
' user ' || nvl(vAuthenticatedUsername, '*null*') ||
' session valid');
ELSE
log_msg(vLogFlag,
vTransNo,
1000,
'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
' user ' || nvl(vAuthenticatedUsername, '*null*') ||
' session NOT valid');
END IF;
-- no surprise here - let anyone view a page flagged as public
IF htmldb_custom_auth.current_page_is_public THEN
log_msg(vLogFlag, vTransNo, 1010, 'current page is public');
return true;
END IF;
-- redirect all unauthorized users to our no-access page
IF not CheckAuthorizedUser(vAuthenticatedUsername) THEN
-- send the user to our unathorized page
log_msg(vLogFlag,
vTransNo,
1100,
'unable to find dn_network_id for authenticated user ' ||
lmf_siteminder_user());
log_msg(vLogFlag,
vTransNo,
1110,
'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
':105:' || vCurrentSessionId || ':');
return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
vCurrentSessionId || ':');
END IF;
-- use the current session if it is valid and assigned to
-- our authenticated user
IF wwv_flow_custom_auth_std.is_session_valid THEN
vCurrentSessionId := wwv_flow_custom_auth_std.get_session_id_from_cookie;
log_msg(vLogFlag,
vTransNo,
3000,
'session is valid ' || vCurrentSessionId);
log_msg(vLogFlag,
vTransNo,
3010,
'authenticated user ' || vAuthenticatedUsername || ' cookie ' ||
wwv_flow_custom_auth_std.get_username);
-- if the session cookie's user matches our authenticated user then
-- accept it and proceed with displaying the page
IF CheckCookieUser(vAuthenticatedUsername) THEN
wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
p_session_id => vCurrentSessionId);
return true;
END IF;
log_msg(vLogFlag, vTransNo, 3100, 'marker');
-- the names do not match. assume that someone hijacked the session.
-- invalidate it and bump them out
-- Unset the session cookie and redirect back here to take other branch
wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID'),
p_next_flow_page_sess => v('APP_ID') || ':' ||
nvl(v('APP_PAGE_ID'),
0) || ':' ||
vCurrentSessionId);
wwv_flow.g_unrecoverable_error := true;
log_msg(vLogFlag, vTransNo, 3200, 'marker');
-- tell APEX that we are not pleased
return false;
END IF;
log_msg(vLogFlag, vTransNo, 4000, 'session is NOT valid');
-- we did not have a valid session so verify that the user is supposed
-- to access our application. a quick check of the authorized users
-- table will settle that question for us
BEGIN
select dn_network_id
into vDeclaredUser
from user_authorization
where UPPER(network_id) = vAuthenticatedUsername;
log_msg(vLogFlag, vTransNo, 4100, 'dn_network_id is ' || vDeclaredUser);
EXCEPTION
WHEN NO_DATA_FOUND THEN
-- send the user to our unathorized page
log_msg(vLogFlag,
vTransNo,
4900,
'unable to find dn_network_id for authenticated user ' ||
vDeclaredUser);
log_msg(vLogFlag,
vTransNo,
4910,
'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
':105:' || vCurrentSessionId || ':');
return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
vCurrentSessionId || ':');
END;
-- create new session
log_msg(vLogFlag, vTransNo, 5000, 'creating a new session');
wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
p_session_id => wwv_flow_custom_auth.get_next_session_id);
log_msg(vLogFlag, vTransNo, 5010, 'created new session');
wwv_flow.g_unrecoverable_error := true;
-- set cookie
-- set the followup URL to page 1
log_msg(vLogFlag, vTransNo, 6000, 'setting up follow up url');
vNextPage := to_char(wwv_flow.g_flow_id) || ':1:';
log_msg(vLogFlag, vTransNo, 6010, 'follow up url is ' || vNextPage);
--wwv_flow_custom_auth.remember_deep_link(p_url => vNextPage);
--log_msg(vLogFlag, vTransNo, 6020, 'completed follow up url');
--IF owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' THEN
-- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?' ||
-- wwv_flow_utilities.url_decode2(owa_util.get_cgi_env('QUERY_STRING')));
--ELSE
-- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?p=' ||
-- to_char(wwv_flow.g_flow_id) || ':' ||
-- to_char(nvl(wwv_flow.g_flow_step_id,
-- 0)) || ':' ||
-- to_char(wwv_flow.g_instance));
--END IF;
-- register new session with the application
log_msg(vLogFlag, vTransNo, 7000, 'register new session');
if 0 < 1 then
wwv_flow_custom_auth_std.post_login(p_uname => vAuthenticatedUsername,
p_flow_page => vNextPage);
log_msg(vLogFlag, vTransNo, 7010, 'registered session');
else
wwv_flow_custom_auth_std.login(P_UNAME => vAuthenticatedUsername,
P_PASSWORD => 'dummy',
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => v('APP_ID') || ':1');
log_msg(vLogFlag, vTransNo, 7011, 'registered session');
end if;
if 0 > 1 then
owa_util.mime_header('text/html', FALSE);
owa_cookie.send(name => 'LOGIN_USERNAME_COOKIE',
value => vAuthenticatedUsername,
expires => null,
path => '/',
secure => 'yes');
owa_cookie.send(name => 'HTMLDB_IDLE_SESSION',
value => to_char(sysdate + (vMaxIdleMinutes / 1440),
'DD-MON-YYYY HH24:MI:SS'),
expires => null,
path => '/',
secure => 'yes');
end if;
log_msg(vLogFlag, vTransNo, 9000, 'clean exit');
-- tell htmldb engine to quit
return false;
EXCEPTION
WHEN OTHERS THEN
return false;
END;
</code> -
We have an application developed in Jdev 10.1.3.4 (JSP, Struts, ADF BC) and running on OAS. Now we have a big problem with sessions; hope somebody can help with some ideas.
We set session time to 45 min in the web.xml. The problem is that sometimes a user works on a page with a form, for instance performing some edit activity. If he/she leaves the page open and inactive for more than 45 minutes, comes back from lunch and presses the 'save' button, the application would then commit the change to the wrong row in the database, most probably the top row in the View Object (VO) instance. This is because the application module actually does a rollback when the session expires; it loses all user data (e.g. row currency in the VO instance).
To avoid saving wrong data to the wrong place, we implemented a session Filter (see att. below: ApplicationSessionExpiryFilter.java) to catch session time-out and forward the request to an error page alerting users that their session has expired due to a long time of inactivity. The Filter works as it should but it gives another problem. If a user already has one of our application pages open for a very long time and opens another page in a new browser (e.g. clicks a link from an email), he/she will get the session-expired error immediately in the new browser. I guess it is because the session in the first browser has already expired and the newly opened browser shares the same session with the first one. That is how browsers work; we can do nothing about it.
But our users are of course not very happy about getting the session errors in a newly opened browser. So we tried implementing a heartbeat function in AJAX (see att. below: Heartheat.html and Template.jsp) to keep the session alive until the page is closed. Basically what we do is add an invisible div tag in every JSP page and invoke an AJAX function to periodically update the div tag with a small HTML page. In this way, a request is sent to the server every 5 minutes, thus the session should be kept alive until the page/browser is closed.
It sounds to us like a very logical solution but it doesn't work properly. We sometimes still get the session error page immediately after opening a new page while we have another page open for a long time.
Could anyone please help to look at our Filter and heartbeat function? Is there anything wrong with our Filter or the heartbeat? Why does the session still expire before we close the page?
All we do here is try to avoid the initial problem with saving data after the session and the application module expire. If anyone has a better solution to this problem, we would very much like to try it. We'd appreciate it if anyone can share some ideas!
Thanks in advance!
*1. ApplicationSessionExpiryFilter.java*
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ApplicationSessionExpiryFilter implements Filter {
    private FilterConfig _filterConfig = null;

    public void init(FilterConfig filterConfig) throws ServletException {
        _filterConfig = filterConfig;
    }
    public void destroy() {
        _filterConfig = null;
    }
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        boolean sessionInvalid = false;
        // The browser sent a session id that the container no longer knows: the session has expired.
        if (httpRequest.getRequestedSessionId() != null) {
            if (!httpRequest.isRequestedSessionIdValid()) {
                if (!httpRequest.getRequestURI().endsWith("sessionExpired.do")) {
                    sessionInvalid = true;
                }
            }
        }
        if (sessionInvalid) {
            // Redirect target comes from the filter's init-param in web.xml.
            ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
        } else {
            chain.doFilter(request, response);
        }
    }
}
*2. Heartheat.html* (A small html page to be invoked by template.jsp periodically)
<html>
<head>
<META Http-Equiv="Cache-Control" Content="no-cache, must-revalidate">
<META Http-Equiv="Pragma" Content="no-cache">
<META Http-Equiv="Expires" Content="Expires: Mon, 26 Jul 1997 05:00:00 GMT">
</head>
<body>
heartbeat to keep session alive!
</body>
</html>
*3. Template.jsp* (Template page to be extended by all jsp pages, invoke heart.html every 5 min)
<Html>
<body>
<div id="heartbeat" style="display:none">
</div>
<script type="text/javascript" language="javascript">
new Ajax.PeriodicalUpdater('heartbeat','jsp/template/heartbeat.html',{ method: 'post', frequency: 300, decay: 1 }); // update heartbeat.html every 300 sec(5min)
</script>
</body></html>
Hi Shay,
Reviewing ADFContext methods, it seems that this object shouldn't be accessible from BC. Example:
public static ADFContext initADFContext(java.lang.Object context,
java.lang.Object session,
java.lang.Object request,
java.lang.Object response)
Initializes the ADFContext for the environment of the specified context.
Parameters:
context - the ServletContext or PortletContext of the current execution environment.
session - the HttpSession or PortletSession of the current execution environment. OPTIONAL.
request - the HttpServletRequest or PortletRequest of the current execution environment. OPTIONAL.
response - the HttpServletResponse or PortletResponse of the current execution environment. OPTIONAL.
Returns:
the ADFContext that was current when init was invoked. Should be passed back to resetADFContext after the block requiring the ADFContext has completed.
Kuba
-
Session problem in one out of two jsp
Dear Java gurus,
I have got a JSP page A.jsp. The user selects a few options and this JSP calls
B.servlet, which takes the user input and passes it to
C.bean, which returns a vector to B.servlet.
This servlet puts the vector in the session and dispatches to a new JSP,
D.jsp, which calls
E.jsp in it for image generation.
This E.jsp retrieves the vector from the session, generates an image and returns to D.jsp.
Now my problem is that the session in B.servlet and D.jsp is the same, but a new session is created in E.jsp, so the image is null as it could get data from vector which is null.
I put System.out.println(session.getId()) in each servlet and JSP so as to get their IDs.
This is working fine on my system with Tomcat 3.2, but on the web a new session is created for E.jsp.
I am calling E.jsp like this
<img src=<%=response.encodeURL("/iscap/report/jspChart.jsp")%> alt="generation image" width="400" height="350" border="1">
I am making page session=true in each JSP and also putting request.getSession(false);
but still E.jsp is getting a new session. I tried eliminating each one and made all the combinations that could be possible, but no effect.
How can I solve this problem on the web, where I have to load this?
Do I have to make a setting in the context?
payal sharma
Hi,
If you have been using jspChart v 1.00:
As shown in the modified, attached PPT:
I will be displaying a bar chart. The length of the bar chart is obtained from a Sybase database. This chart should be dynamically created depending on the value in
the database, and the x-axis is exponential.
This will be displayed on an HTML page.
1. I want to know whether the values can be obtained from the Sybase database?
If so, what are the changes.
2. Can you tell me the steps to install and run jspChart v 1.00 on JRun or any server, please.
Anything else I need to install, like SAX, JCLARK? I am getting errors in this. PL HELP.
3. Is it possible to plot "Exponential values" on the Y-axis, like 0 - 100 - 1000 - 10000 - 100000,
and the length of the bar should automatically be coloured till that point as shown in the PowerPoint attached.
If not, any suggestions to use any other software.
Thanks in advance.
-
Sessions problem when deploying to AS 10g (10.1.2.0.2)
Hello,
I have a very simple Web Application where I have isolated an issue I have found. The application works fine when executed in JDeveloper 10g (10.1.2.2) but it does not work when deployed in the AS 10g (10.1.2.0.2). My Platform is Windows XP Professional x64.
The application has been created in JDeveloper (New >> Web Project) and contains:
- a simple jsp page (main.jsp) displaying a dummy message,
- a simple filter class (authFilter.java) which only has the following code in the doFilter method:
HttpServletRequest hreq = (HttpServletRequest)request;
System.out.println("*** session id = " + hreq.getSession().getId());
System.out.println("*** requested session id = " + hreq.getRequestedSessionId());
- a web deployment descriptor (web.xml) where the reference to the filter has been added:
<filter>
<filter-name>Filter1</filter-name>
<filter-class>myfilters.authFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Filter1</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
When running this inside JDeveloper, the output is the following:
08/12/09 17:54:03 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:03 *** requested session id = null
08/12/09 17:54:08 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:08 *** requested session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:10 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:10 *** requested session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
Each time I reload the page in the browser I get two messages where the session id and the requested session id are equal and the same.
However, when running the application inside the AS, the output is the following (taken from the opmn/logs/OC4J~my_component~default_island~1):
08/12/09 17:56:58 *** session id = ac16322030d6da9410e6348449449a4cf1f0e65956cf
08/12/09 17:56:58 *** requested session id = null
08/12/09 17:57:01 *** session id = ac16322030d6bc42fa22332e41818aa6ece1fd371361
08/12/09 17:57:01 *** requested session id = null
08/12/09 17:57:02 *** session id = ac16322030d60895af4c8cc44aef9ff6e6e3b3fd2e04
08/12/09 17:57:02 *** requested session id = null
That is, each time the page is reloaded, a new session is created.
This problem is actually blocking me since I would like to use the session to store some data used for authentication in the filter (dynamic credentials). As a new session is being created for each access, the data stored in the session is lost and users cannot log on the application.
Thank you in advance,
Jorge.
Edited by: Jorge Pacios on 10-dic-2008 0:31
Platform information added.
It couldn't be that difficult.
I have the jars, the drivers in, the jdbc url connection as
url="jdbc:oracle:thin:[USERNAME/PASSWORD]@IP:PORT:SID"/>
Also I can connect via sqlplus with this string conn.
The main error I get is
"Cannot lookup jdbc datasource.
The process domain was unable to lookup the TX datasource "jdbc/BPELServerDataSource"."
-
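The comparison made by eye in the AS 10g thread above (session id versus requested session id on each request), as an added example that is not part of any post: it pairs the filter's two log lines per request and labels each request. The function names and the four labels are this example's own; the log lines are copied from the post.

```python
import re
# Filter output copied from the post above: three requests in JDeveloper,
# then three requests on the application server.
JDEV_LOG = """\
08/12/09 17:54:03 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:03 *** requested session id = null
08/12/09 17:54:08 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:08 *** requested session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:10 *** session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
08/12/09 17:54:10 *** requested session id = ac1663b9231c2936edded7df423f9161c223ee0d4246
"""
AS_LOG = """\
08/12/09 17:56:58 *** session id = ac16322030d6da9410e6348449449a4cf1f0e65956cf
08/12/09 17:56:58 *** requested session id = null
08/12/09 17:57:01 *** session id = ac16322030d6bc42fa22332e41818aa6ece1fd371361
08/12/09 17:57:01 *** requested session id = null
08/12/09 17:57:02 *** session id = ac16322030d60895af4c8cc44aef9ff6e6e3b3fd2e04
08/12/09 17:57:02 *** requested session id = null
"""
LINE = re.compile(r"\*\*\* (requested session id|session id) = (\S+)")

def pair_requests(log):
    """Join the filter's two lines per request into (session_id, requested_id)."""
    pairs, current = [], None
    for key, value in LINE.findall(log):
        if key == "session id":
            current = value
        elif current is not None:
            pairs.append((current, None if value == "null" else value))
            current = None
    return pairs

def classify(pairs):
    """Label each request by what the client sent versus what the container used."""
    labels, issued = [], False
    for session_id, requested in pairs:
        if requested == session_id:
            labels.append("kept")        # client returned the id, container honoured it
        elif requested is None:
            # No id sent at all: expected on the first request only
            labels.append("not-returned" if issued else "new")
        else:
            labels.append("replaced")    # id sent but no longer valid (expired session)
        issued = True
    return labels

if __name__ == "__main__":
    for name, log in (("JDeveloper", JDEV_LOG), ("AS 10g", AS_LOG)):
        print(name, classify(pair_requests(log)))
```

On the AS 10g output every request after the first is labelled "not-returned": the container never receives a session id back, which is a different condition from the "replaced" case that ApplicationSessionExpiryFilter in the first thread tests for.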
Session problem in servlet??
hello,
I have made a simple shopping cart which goes through the
following stages:
1st stage:
// Additions to the shopping cart
HttpSession clientSession = request.getSession( true );
ShoppingCart vBasket = (ShoppingCart)clientSession.getValue("thecart");
if ( vBasket == null ){
    System.out.println("NO CART");
    vBasket = new ShoppingCart();
    clientSession.putValue("thecart", vBasket);
    System.out.println("MADE THE CART");
}
vBasket.add(the_item);
// at this stage, the items are being added to a hashtable
2nd stage:
HttpSession clientSession = request.getSession(false);
System.out.println("GOT THE SESSION");
ShoppingCart vBasket = (ShoppingCart)clientSession.getValue("thecart");
if ( vBasket == null ){
    System.out.println("CART HASN'T BEEN MADE!!");
    throw new Exception();
}
// At this stage, the object of the ShoppingCart class still has null value even if in the existing session the ShoppingCart has been made at stage 1. Any idea why this is happening??
thanks
Richard
I believe that if you declare the writer before you get the session you may have a problem like yours (happened to me). So make sure to get the session before instantiating your (response) writer.
-
User self registration - session problem?
I have created a form which lets users register by themselves.
The form calls a stored procedure which creates the user - so far
everything works ok. At the very end of the procedure I want to
automatically login the user and direct him to the main page.
That fails with a 'Page not found' error in the browser.
I have done a lot of debugging and everything looks ok, the user
is created. I can log in as the new user if I close the browser
and restart it. I suspect I lose the session because the
procedure that creates the user uses a set_context call to be
able to work:
portal30.wwctx_api.set_context(p_user_name => 'PORTAL30',
                               p_password  => 'PORTAL30');
foo := wwsec_api.add_portal_user(p_user_name    => username,
                                 p_first_name   => first_name,
                                 p_last_name    => last_name,
                                 p_work_phone   => phone,
                                 p_organization => organization,
                                 p_db_user      => null,
                                 p_portal_user  => 'Y');
portal30.wwctx_api.clear_context;
(I have a clear_context which I hoped should take me back to the
original session)
At the very end of the registration procedure I call the login
function to log in the user:
portal30.wwptl_login.login_url(ssousername     => username,
                               password        => password,
                               p_requested_url => url,
                               p_cancel_url    => 'http://myserver.com/');
The browser is taken to this URL:
http://myserver.com/pls/portal30/!PORTAL30.wwa_app_module.accept
and the following error message is shown in the browser:
Page Not Found...
Anyone got any idea what might be the problem and what to do
about it, or how to debug it???
I managed to grant execute on the package using SQL/Plus as you
suggested - but I'm still having problems. Using the following
code:
portal30.wwctx_api.set_context(p_user_name => 'PORTAL30',
p_password => 'PORTAL30');
my_special_procedure;
portal30.wwctx_api.clear_context;
-- Create a new session for the user
portal30.WWCTX_SSO.clear_sso_session(sess_id);
v_sess_id := portal30.WWCTX_SSO.set_sso_session(
p_user_name => username,
p_db_user => username,
p_nls_language => 'us',
p_http_language => 'en',
p_nls_territory => null,
p_trans_language => null,
p_start_time => sysdate,
p_active => 1,
p_ip_address => v_ip_address,
p_id => null,
p_is_logged_on => false);
No luck - no pages can be viewed. Have to restart the browser to
get back to portal.
I've also played around with some other functions in the
WWCTX_SSO package, like create_session, but still no luck.
-
JSF & Tomcat 5 session problems
I am implementing a web application using JSF and Tomcat authentication. The problem is that Tomcat is losing the session when I hit refresh on any of the pages which are marked as having a security constraint.
e.g. you go to index.html -> takes you to login.jsp (as you need to log in first), you log in successfully and go to index.html, you hit refresh and get taken back to login.jsp.
Any help would be much appreciated.
If anyone has implemented an app using Tomcat authentication and JSF, I would be grateful if they could tell me how they are managing to overcome this issue.
I have a similar question, but not about session timeout, but managing the data within your session. In our previous homegrown JSP Model 2 Framework, we had various methods in place to clean up the session for a page (essentially allowing you to clean up the managed beans after you were done with a page). Due to constant activity, the sessions never time out, but there is "dead" data in the session. How would you do this in JSF? For example, let's say you go through a wizard set of screens, where once complete, you don't want the managed beans to exist in the session anymore. Where would you tap into the JSF lifecycle to do this?
Thanks in advance,
Dave