Form based login, iframes and session time out

Hi all,
I'm trying to create a site using form based login.
The site contains a page protected page, default.jsp that have a logout button/link (clicking it invalidates the session), and a navigation bar with links linking opening them in iframes inside the default.jsp page:
I have also a login.jsp page and and a error.jsp page
Everything works fine I can login, I can logout. My problem occurs when the session times out and the user tries to access protected contents in the internal frames. He then is promted for a new login. The problem is that the login,jsp page now turns up inside the jframe designatet for my contents.
I woud have liked the login page to turn up at the top level i.e. filling the entire browser window (i.e on the same level as the default.jsp page). Is this somehow possible?
Regards
Uno Engborg

Easy answer: use JS to jump out iframe.
Best answer: don't use iframes, but use server side includes like jsp:include. Iframes have too much disadvangages, topping the extremely bad SEO and UX.

Similar Messages

  • SSO Partner Application and Session Time out

    Hi ,
    We have an application on forums.oracle.com which is implementing the Authentication scheme as SSO, that is working well, now we want to implement Session Time out if the user is idle for some time and ask him to login again after the session fails, I have tried to implement this feature as given by Scott in the thread session timeout , well the problem is since we dont have a login page here how do we set the cookies owa_cookie.send(
    name => 'HTMLDB_IDLE_SESSION',
    value => to_char(sysdate+(20/1440),'DD-MON-YYYY HH24:MI:SS'),
    expires => null,
    path => '/',
    domain => null
    and where is the current point to implement it.
    Any help on this is greatly welcome.
    Thanks in Advance.

    Naveen,
    I don't remember how the solution works. But if you don't have a login page you can usually put code in the post-authentication process of your authentication scheme to do whatever the login page process would have done.
    Scott

  • HFM Web Sever Configuration--Keep Alive and Session Time Out Optimal Config

    We recently implemented an HFM 9.3.1 environment. We are using Windows 2003 Enterprise SP2 servers with IIS6. We have two HFM Web servers connecting to an application cluster with two application servers in the cluster. We were getting some errors when trying to unlock HFM cells in Workspace, but we were able to perform the functions fine on the application using the WIN32 client.
    I opened a ticket with support and they recommended modifying the subcontext.properties file located in %HYPERION_HOME%\deployments\WebLogic9\servers\Workspace\webapps\workspace\conf. They recommended changing the following settings:
    #KeepAliveInterval=30
    #SessionTimeout=60
    From what I understand, these settings are for the communication between the HFM Web Servers and the application cluster servers. I'm wondering how changing these settings may affect our environment. Are there negative effects and/or trade-offs for changing these settings? Is there a recommended threshold or maximum value?

    Hi Dinesh,
    This cannot be achieved without development enhancements to some standard SAP framework component, to introduce a "keep-alive" concept. If you are using a CMS for CTI or email integration, you need to ensure it supports keeping the communications session alive also.
    Sincerely,
    Glenn
    Glenn Abel
    Covington Creative
    www.covingtoncreative.com

  • Session Time out - Relogin not redirecting

    Hi,
    If I am in a particular page of an application, and session times out, I get Page Expired window. On click of that, it takes me to login page. After I relogin, it is NOT redirecting me to the page where the time out happened. It just redirects to the Application Main page. Is there a way to let ADF redirect to the page where time out happened?
    Thanks,

    Hi Aluvala,
    Based on the current description, I understand that you would like to change the error message to custom message. The issue relates to Render Extension. Currently, the behavior which changes the error message to custom message is not supported. Therefore,
    I would suggest you submitting a wish at
    https://connect.microsoft.com/sql. Connect site is a connection point between you and Microsoft, and ultimately the larger community. Your feedback enables Microsoft to make software and services the best that they can be, and you can learn about and contribute
    to exciting projects.
    If you still want to make custom render message, you can try to create custom render extension while it is not easy.
    Hope this helps.
    Regards,
    Heidi Duan
    Heidi Duan
    TechNet Community Support

  • Session time-out and password security

    Hi,
    I have a webservice utility, deployed on several platforms (as an EAR on weblogic and webspere, as a WAR on tomcat), they all exhibit the same feature: on first connection, a username/password box pops up, but after the session times out (after 20 minutes or so of inactivity) and the it receives a new page request, instead of re-asking for the username/password, the app just jumps back to its own start page, and then continues without asking.
    How can I make it to pop-up the username/password box again?
    The security is implemented through the web.xml file:
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>Success</web-resource-name>
          <url-pattern>/Logparser</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>webuser</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
      </login-config>
      <security-role>
        <role-name>webuser</role-name>
      </security-role>I found that this in itself was not good enough security as you would be able to go directly to one of the sub-pages (if you know the url), and to prevent that I pass (and check) the session-id with each page request.
    (all java servlets).
    Obviously something is missing, but I don't know what
    thanks
    Michael

    Hi Michael,
    Your web application is currently configured to use BASIC authentication.
    Instead if you use FORM-based authentication, then any new request (after your web application session times out) will be redirected to the login page. The Servlet specification has more information about FORM-based login.
    If you have a Sun ONE Web Server 6.1 or a Sun Java System Web Server 7.0 installation you can find a sample that uses form-login in the following directory
    6.1: <install-directory>/plugins/java/samples/webapps/security/form-auth
    7.0: <install-directory>/samples/java/webapps/security/form-auth

  • Session Time out  and session_timeout.jsp

    We have Sun Java Identity Server 2005 Q1 installed as part of our Sun Java System Portal Server 2005 Q1 install.
    When the authentication session times out, it redirects the user back to the login page. I remember that in 6.2 it used to show up the session_timeout.jsp page? Is there any way to make it work that way in Q1 2005 ?

    To be more specific, find your top level desktop display profile (marked as Default Channel Name) container name. Then go to Portal desktop type (default, or sampleportal, or...) with above container directory. (ex: /etc/opt/SUNSWps/desktop/default/JSPTabContainer) Modify header.jsp and/or menubar.jsp (something ...?action=logout with goto=http:///.....) HTH, Jerry

  • Session time out and automatic log off

    hi,
    I have been using JSC for a while but I am not JSC guru.
    I want to implement automatic logoff when the session timesout. I know that I can set session time out in tomat web.xml file. but I cant understand how to check if the session time is out and logOff the user.
    When user logs in, username is stored in the database, so when the user logoff the username has to be deleted from the database and he should be redirected to the login page. I want all this to be done automatically when session times out(i.e if the user is inactive for specified amount of time).
    Any help is greatly appreciated. Please reply ASAP, i need to get this working by tommorow.
    chees
    satish

    I think you might find this thread interesting:
    http://swforum.sun.com/jive/thread.jspa?threadID=50520&messageID=183099

  • SSL and login form for form based login over ldap

    Hello,
    i have configured an apache reverse proxy with virtual named host and the the webgate is also running on this server.
    On a second server i have configured a webserver with the login form.
    Access to the protected ressources is working when i use the following parameters in my Authentication schema
    form:/form/login.html
    action:/dummy
    creds:userid password
    ssoCookie:httponly
    passthrough:no
    SSL Required No
    Challenge Redirect http://dummyserver.dummy.org
    Changing the SSL required to yes and the url to https has the following result.
    After filling out the login form and pressing the submit button "the requested URL /dummy was not found on this server"
    Any hints are welcome.
    Kind regards

    Hi Colin,
    Yes the dummy url is protected. Otherwise it should not work when using http.
    I assume that i am not redirected back to the origin source. The obSSOCookie should do this in some way, when i remember that correctly.
    I can see that the obSSOCokkies are created for both urls but the content is "loggedoutcontinue". Thats the difference to the http communication.
    Is there anything else to configure when using SSL with a form based login. Have i missed some basics?
    In the documentation it looks really simple - just trning it on - looking for access - and everything works :-)
    KR

  • [svn] 2692: Bug: BLZ-227 - When using JMS Destination, MessageClient and FlexClient not released from memory when the session times out .

    Revision: 2692
    Author: [email protected]
    Date: 2008-07-31 13:05:35 -0700 (Thu, 31 Jul 2008)
    Log Message:
    Bug: BLZ-227 - When using JMS Destination, MessageClient and FlexClient not released from memory when the session times out.
    QA: Yes
    Doc: No
    Checkintests: Pass
    Details: Fixed a memory leak with JMS adapter. Also a minor tweak to QA build file to not to start the server if the server is already running.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/BLZ-227
    Modified Paths:
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/services/messaging/adapters/J MSAdapter.java
    blazeds/branches/3.0.x/qa/build.xml

    Revision: 2692
    Author: [email protected]
    Date: 2008-07-31 13:05:35 -0700 (Thu, 31 Jul 2008)
    Log Message:
    Bug: BLZ-227 - When using JMS Destination, MessageClient and FlexClient not released from memory when the session times out.
    QA: Yes
    Doc: No
    Checkintests: Pass
    Details: Fixed a memory leak with JMS adapter. Also a minor tweak to QA build file to not to start the server if the server is already running.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/BLZ-227
    Modified Paths:
    blazeds/branches/3.0.x/modules/core/src/java/flex/messaging/services/messaging/adapters/J MSAdapter.java
    blazeds/branches/3.0.x/qa/build.xml

  • I'm trying to verify my email and keep getting a session time out

    I have an ipod touch and need to verify my email address but keep getting a session time out message

    Does Safari work?
    Try:
    - Reset the iOS device. Nothing will be lost
    Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
    least ten seconds, until the Apple logo appears.
    - Power off and then back on your router
    .- Reset network settings: Settings>General>Reset>Reset Network Settings

  • How to get username from Form-based login

    I am using form-based login in my web.xml file.
    When I attempt to access a protected .jsp page, I get sent to my login page as expected.
    When I enter my username/password successfully it forwards me to the .jsp page I was trying to go to, as expected.
    From that .jsp page, how do I get the username/password info from the login form? I looked at the session attributes, request attributes, and request parameters, but I don't see anything. Does the form-based authentication remove these variables?
    I need the username that is filled out in the login form, so that I can do custom work with it. I cannot ask the user for it again after they login, as that is inefficient and sloppy.

    Found it.
    request.getUserPrincipal().getName()

  • About session time out

    when i login to the webmail,session time out is randomly reported ,but I have set http.sessiontimeout to be a very large value,I there any suggestion??
    thanks

    If your users connect through a proxy or some form of load balancer, they may be coming from a variety of ip addresses. Since HTTP is "stateless", the originating ip address is part of what we call "ip security", and if the connection changes source ip, we time it out immediately, to prevent session hijacking.
    If this is what you're seeing, you can turn ip security off, and prevent these timeouts.
    configutil -o service.http.ipsecurity -v off

  • Session time out app store

    I keep getting session time out whenever I try to purchase apps on iPhone 5. It keeps asking me to verify my credit card security number and then when I click DONE, it tells me session time out. Anyone can help?

    Having problem with internet connectivity on WIFI - anything that depends on DNS for data whether it is a web browser or an app while using WIFI.  I call this problem "WIFI Lockout".
    This happens on iphone 4, ipad 2 and ipad 3 that has been updated to iOS 6.
    I am not talking about the issue of the missing apple page (day 1) or the inability to turn on/configure WIFI after updating to iOS 6.
    This is what i have discovered so far.
    You could be in the middle of surfing or using any app that makes data calls based on DNS (when you type google.com that is translated in the background so your device knows where to go - summary only) and suddenly you can go no where or do nothing!
    Sometimes conectivity goes trouble free for long periods, other times it is repetitive "WIFI Lockout".
    Yea sure, you can restart the WIFI connection, but WHO wants to CONTINUALLY do that?
    Interestingly enought the device is still successfully connected to the internet via WIFI, but DNS request fail to pass successfully from the iOS 6 device.
    Apple (or any curious iOS 6 user that wants to see my point), when this happens "WIFI Lockout" open up a browser before you reset the WIFI  connection and type type 74.125.227.144 (google) and then “go” (I tried both safari and chrome).  A google search page will come up and you will be able to execute a search (of course any link you click on will not work as it is dependant on DNS resolution).
    The above IP connection to google proves NON DNS traffic works, so the issue is not the WIFI connection to the access point that is the problem.  It is not an access point configuration/firmware or security protocol issue either because data does pass when the above steps are followed.
    I KNOW THIS IS NOT ALL OF THE PROBLEMS WITH iOS 6, BUT THIS IS A HUGE PROBLEM NOT BEING ABLE TO SURF OR GET DATA THE iOS 6 DEVICE IS REQUESTING WHILE ON WIFI.

  • Session time out in BIP

    All,
    I have set the BIP security as Oracle BI SERVER and able to successfully log in from dashboards, answers to BIP. but after some time BIP is getting timed out.
    where can I set the session time out parameter? and
    how to make the BIP session valid as long as OBI presentation services session is valid?
    Thanks in advance.

    Post Author: amr_foci
    CA Forum: Authentication
    go to the universe which this report based on, get the parameters window from (File->Paramaters)
    check the CONTROL tab
    see those parameters and configure them as you want
    good luck
    Amr

  • Session time out issue in Firefox 3.0 .

    I am using intranet application developed in .net framework 3.5. Users are authenticated via Windows Authentication in application.
    Issues in following steps;
    1) I am browsing application in one Firefox 3.0 browser. Simultaneously I am browsing some different site say google.co.uk in different instance of Firefox. Please note I am browsing google.co.uk in other Firefox browser not in different tab of same browser instance in which I am browsing my intranet application.
    2) Session time out in intranet application .
    3) I am starting new Firefox instance and try to open intranet site. I am again getting Session time out message.
    4) I closed all of Firefox browsers (2 instances)
    5) Start again a new browser and try to open intranet application.
    6) It is successfully opend.
    Now the pain is why I need to close all other Firefox browsers in case of session time out in one browser .Similar issue I was getting in IE 8 but they have feature like Open site with a new session .
    It would be nice if you can help in getting rid of this issue
    == This happened ==
    Every time Firefox opened
    == User Agent ==
    Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)

    Hi Rohit,
    If you want to increase Session time : increase time in web.xml in min
    <session-config>
            <session-timeout>30</session-timeout>
        </session-config>
    and after session time out if you want to re-login to webshop then
    do following settings in XCM.
    url : http://<host>:<port>/b2b/admin/xcm/init.do
    goto -> General Application settings -> b2b -> b2bconfig.
    For reloginurl.core: value : ../init.do
    note: after session expire if your application is redirecting to https:<port>:<host>/....
    Then
    set  SSLEnabled: as false
    Restart your application
    Hope this works.
    Regards,
    Devender
    Edited by: devender on Jul 12, 2010 5:01 PM

Maybe you are looking for

  • Satellite U400 (PSU44E) randomely rebooting

    Hi Everybody, I have a strange problem on my Satellite U400. For a couple of days it was starting sending blue screens and rebooting. I used the Vista memory check tool and identified one faulty RAM. I changed both with OCZ 2*2Go PC6400, and no more

  • How to copy a table with LONG and CLOB datatype over a dblink?

    Hi All, I need to copy a table from an external database into a local one. Note that this table has both LONG and CLOB datatypes included. I have taken 2 approaches to do this: 1. Use the CREATE TABLE AS.... SQL> create table XXXX_TEST as select * fr

  • Console Crashes

    New Laptop, Windows 8 Pro x64, 16 GB RAM.  I installed the CMConsole a month ago, ran fine until last week.  Tried re-installing and repairing the Console installation with no success.  Tried System Restore back to earlier date and it failed.  When I

  • HELP - how do I arm two tracks

    using GB2 and the help file says that I just arm both tracks and push record. I'm using a Presonus firewire audio interface, and hear both tracks, but only one records at a time. what's up? how can I select both tracks thanks

  • The requirements to use Modbus protocol

    In my project,I have to use the MODBUS protocol to communicate between the devices via RS232 using labview.So,I would like to know, how I can do this in labview and what are requirements i need.Any examples and references are welcome.