Handling an expired session

Similar Messages

• How to handle expired sessions in portals

  Hai all,
    we have implemented a logic which is given in the following blog (to handle expired sessions).
  (Blog from--Thomas Jung)
  /people/thomas.jung3/blog/2004/12/06/bsp-developers-journal-part-xv--stateful-bsp-and-timeouts
  this is working fine when we run application from workbench organizer.but when i run the same application through Portal,it was failed.
  if someone comeacross this situation please kindly send your comments and solution to this problem.
  Thanks in advance,
  Innu.

  Hai Durai,
  Thanks for the immediate response.
  Here i will give the clear idea about the failure situation.
    IF gv_load IS INITIAL.
      DATA: fields TYPE tihttpnvp.
      FIELD-SYMBOLS: <wa_fields> LIKE LINE OF fields.
      CALL METHOD request->get_form_fields
        CHANGING
          fields = fields.
      LOOP AT fields ASSIGNING <wa_fields>.
        IF <wa_fields>-name CS 'htmlb' OR
           <wa_fields>-name CS 'HTMLB'.
          gv_load = '-'.  "False - Problem with ABAP_FALSE
         appearing the same as initial.
        ENDIF.
      ENDLOOP.
      IF gv_load IS INITIAL.
        gv_load = abap_true.
      ENDIF.
    ENDIF.
    IF gv_load NE abap_true.
      DATA: url  TYPE string.
      DATA: page TYPE string.
      page = 'reload.htm'.
      DATA:  params TYPE tihttpnvp.
      FIELD-SYMBOLS: <wa_params> LIKE LINE OF params.
      APPEND INITIAL LINE TO params ASSIGNING <wa_params>.
      <wa_params>-name = 'url1'.
      CONCATENATE 'http://sapcrmdev.server.com:8080/sap/bc/bsp/sap/'
                   'salesord/default.htm'
                  INTO <wa_params>-value.
      CONCATENATE ' ' ' ' INTO <wa_params>-value.
     <b> CALL METHOD
        cl_http_ext_webapp=>create_url_for_bsp_application
        EXPORTING
          bsp_application      = 'SALESORD'
          bsp_start_page       = page
          bsp_start_parameters = params
        IMPORTING
          abs_url            = url.
      navigation->exit( url ).
    ENDIF.</b>
    The imported parameter URL,which loads the reload page with parameter URL1.
  Exactly here i am getting the problem.
  [My application is launching through iViews as external services.Clearly, when i launch the portals that displays different bsp applications as menu options.when i click on my application that opens another window and from there on my application runs in that window.]
  As we are constructing URL1 above, we are unable to construct Portal url to reload from reload page.]
  so what should exactly i send value through url1 parameter to launch my application through portal..?
  if you have any sample code plz send.
  Thanks,
  Innu.

• ERROR: Error in getting session data: Invalid or Expired Session

  Hi,
  We are using ssrs 2008 r2 and have a report which has links that allow the user to drill down.
  When the link is clicked the same report is run but shows more detail. This works fine but we are now getting the error below for a user. 
  I have increased the time out for the report to 600 seconds.
  Error in getting session data: Invalid or Expired Session: fnxgxhjuveugvd552qfyv3fw
  session!ReportServer_0-6!4b0!03/18/2015-10:51:29:: i INFO: LoadSnapshot: Item with session: fnxgxhjuveugvd552qfyv3fw, reportPath: , userName: doman/user not found in the database
  Any ideas how this can be resolved?

  Hi Nasa1999,
  Based on your error message, If the all the users will sometimes got the same issue, it can be caused by the timeout issue. It happens a lot when rendering big report, and it exceeds the default Session Timeout. You can execute script
  to increase the Session Timeout time. Please refer to following blog:
  Session Timeout during execution. Also increase the value of <Query Timeout> in rsreportserver.config file. This file locate at XX:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer
  Please also check to set the <legacyImpersonationPolicy> back to true(https://support.microsoft.com/en-us/kb/972328).
  Locate the Aspnet.config file in the following folder:
   %windir%\Microsoft.NET\Framework64\v2.0.50727
  If Microsoft Visual Studio is installed on the computer that is running SQL Server 2005, double-click
  Aspnet.config. If Visual Studio is not installed on the computer, follow these steps:
          a. Right-click Aspnet.config, point to
  Open with, and then click Choose program.
          b. In the Programs list, click
  Notepad, and then click OK.
  Locate the following tag in the <runtime> section of the code.
          <legacyImpersonationPolicy enabled="false"/>
  Change the tag to:
          <legacyImpersonationPolicy enabled="true"/>
  Save the Aspnet.config file.
  Reset IIS.
  Try your report again.
  Similar Thread for your reference:
  Using SharePoint Report Viewer
  Web Part: Error in getting session data: Invalid or Expired Session: xxxxxxxxxxx
  If only the one user or several users will got the issue, the issue can be caused by the permission setting, please reference to below blog:
  http://answers.flyppdevportal.com/categories/sqlserver/sqlreportingservices.aspx?ID=3506231b-9f4d-4f5a-884d-157137c56336
  http://blog.goobol.com/the-permissions-granted-to-user-domainusername-are-insufficient-for-performing-this-operation/
  If your problem still exists, please try to provide more details information as below:
  Did you reporting service installed in native mode or sharepoint mode, If in native mode, please try to provide more error message from the log file:
  C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\LogFiles
  If you still have any problem, please feel free to ask.
  Regards,
  Vicky Liu
  Vicky Liu
  TechNet Community Support

• New session vs. expired session

  hi,
  how do I determine if a session is brand new or renewal of an expired session?
  consider following senarios:
  1. a new user open a browser and access the website
  2. a connected user sitting there idle for more than session max inactive interval, and refresh the screen
  in both case on the server side, a new session will be established, but how do I differentiate them so I can route them to different page respectively?
  Thanks!
  Gang

  If you check for this in two seperate places in the code, this should not be a problem.
  When a new user enters, just give them a new Session.
  When a user returns, use the HttpServletRequest.getSession(false) method. This will only return a Session if one exist. If no Session exist, it returns false. This way, if no Session existed or if it has been invalidated, the method will return null. You can test for null after the method returns and forward to any page you want. If not null, just continue.

• Will the new retina Macbook Pros be able to to handle big logic sessions

  Hello
  I have been using an early 2008 Mac Pro (2 x 2.8 quad-core intel Xeon) which over the past year or two has had a long history of things going wrong with it. I am thinking that it's time to get a new computer and have been looking at the brand new Macbook Pros with retina (not that i need retina!).
  I am a DJ and a musician and one of the reasons I would like a macbook pro is so I can use it to DJ with (serato) as well as incorporate it into my band (ableton). I know a Macbook pro will be able to hand these tasks well but I am wondering whether it will be able to replace my desktop as my main computer and handle large Logic sessions with plugins etc...
  The last thing I want is for it to have over heating issues or not be able to handle what I throw at it. I would love a new Mac Pro but the portability of a macpro is apealing and I'm done DJ'ing with a huge CD wallet.
  Here is what I am looking at:
  2.6GHz Quad-core Intel Core i7, Turbo Boost up to 3.8GHz
  16GB 1600MHz DDR3L SDRAM
  512GB PCIe-based Flash Storage
  Also am I correct in thinking that my 2008 early Mac Pro has more processing power than the new macbook I am looking at?
  Would be great to hear whether this macbook pro will be able to do the job for me. I'm looking at it being my main computer for the next 5-6 years
  thanks!

  Yes, yes and yes.
  "Also am I correct in thinking that my 2008 early Mac Pro has more processing power than the new macbook I am looking at?"
  You MUST be joking! LOL!
  There will be NO COMPARISON as far as speed, processing power, etc.
  You are looking at about a 40% performance boost on the CPU, alone, never mind the boost in RAM.
  Coupled with the speed of the drives in the MBPro, you will also notice that your insanely complicated projects that typically take a few minutes to load, will actually load in mere seconds.
  GO FOR IT!
  Treatment

• What's the best way for a web app to handle logins and sessions?

  I'm deploying in JBoss, using JSF. As is often the case, I keep User information in an entity bean. My question is, what's the best way to handle this bean?
  My inclination is to create a login page with a LoginBackingBean atached to it. When the user attempts to log in, it will see if there is a User entity bean that corresponds to the given name and password. If there is no User bean that matches, obviously we show an informative error screen.
  But what happens if there is a valid user?
  In the plain old Servlet world (without EJB / J2EE) I would just put the User object (it's an object, not an EJB) into the HttpSession, and I would create a Filter that would check for the presence of that User object, and I would map the filter to something like /members/*, and that would be it. I would use Hibernate to persist the User object, and there would also be a filter that creates a Hibernate session and stores it in the Request so that the User object would work and persist.
  How do I do this within the J2EE / EJB world?
  My first thought would be to just do the same thing. Install the User bean into the HttpSession, and create a filter and do all the same stuff. Is that the right way to do it? It would work pretty well with JSF because I could just access things in the normal JSF way: #{user.firstName} would find the "user" object in the HttpSession scope. So that's good.
  One question that comes up from that is if the user makes some change to the User object that is in the Session scope, will the EJB automatically do the right thing and make those changes persistent? Is there anything else I need to do?
  I'm new to the EJB world, but from what I can see so far, it seems like it's the best way to think about a web application.
  Thanks

  hi ,
  i think the best way is to create java beans ,in that bean call your EJB ,
  and check the validation over there.
  and make that bean scope to session.
  in each and everypage try to check the session ,if it is not valid then forward to your login page...
  otherwise continue to give access to him like guest
  Regards,
  AfTaB

• OAS continues to fulfill requests that use expired sessions (bug???)

  When I make a request against one of our OAS servers after I know my session has expired, the server responds with an HTTP response that includes a header to clear out my SSO login cookie (I think that's what it's referred to as), but it still fulfills the request as normal.
  Utilizing Apache JMeter, I was able to determine the details of such a transaction.
  ----------the request----------
  GET https://our_oas_server:443/some_resource
  Cookie Data:
  OHS-our_oas_server-443=(a long hexadecimal string)
  ----------the response----------
  HTTP/1.1 200 OK
  Date: Tue, 19 Feb 2008 16:54:08 GMT
  Server: Oracle-Application-Server-10g/10.1.2.0.0 Oracle-HTTP-Server
  Set-Cookie: OHS-our_oas_server-443=; expires=Thu, 01 Jan 1970 12:00:00 GMT; path=/
  Cache-Control: max-age=0
  Expires: Tue, 19 Feb 2008 16:54:08 GMT
  Cache-Control: private
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: text/html
  (the HTML)
  If I allow the cookie to be removed, a subsequent request is responded to with a redirect to our Oracle SSO server.
  Has anyone else experienced this? Can anyone else confirm it? Can anyone shed some light on it? This behavior appears to be a security issue as it means someone can continue to interact with the server as an authenticated user without the need to re-authenticate, even after the server has been restarted.
  Gregg

  Please retest with the latest patchset applied. I know some issues in this area have been fixed in the past years in the AS patchsets.
  If the issue still occurs after applying the latest patchset, please ask again, then please use the Identity Management forum as it may then be config related.

• Correct handling of expired Messages

  Hi everyone,
  I want to enqeue messages using PL/SQL-AQ. This works. The Message-Consumer (external JMS-Client) must not receive messages which have expired. But this is not a Problem because expired messages are being moved to the exception queue.
  Now my problem:
  Since due to the nature of my app it is possible that a lot of messages are being moved to the exception queue, i'm wondering how to clean up that one. Does the Queue-Monitor-Process (which I succesfully activated) clean the exception-Queue? If so, when this is done? And in General: What is the architecturaly correct way to do message-expiration-Handling?
  would be grateful for anything because this problem drives me nuts and there seems nowhere to be apropriate documentation.
  BTW: I'm using 9.2, but there is a plan to migrate to 11g. So please maybe point to changes in 11g if possible.
  Thanks,
  slavisa
  Edited by: user11359024 on 24.09.2009 02:18

  bstaletic wrote:
  Leonid.I wrote:
  And I'd probably _think_ before proposing stupid things... And then take a long look at /var/lib/pacman/local/filesystem-2014.06-1/install.
  To answer the original question: you don't have to do anything.
  You're wrong. Take a look at the wiki page concerning dealing with these files. Then check if there is a group like "git" or "ntp" in your earlier /etc/group. Then check if there's anything about that group in /var/lib/pacman/local/filesystem-2014.06-1/install.
  I sense lots of confusion here, so let me explain in detail.
  The .install script in the filesystem package is provided specifically to ensure that already running systems will keep running with new packages which require new user/groups, like systemd-timesyncd, by adding users/groups via post_upgrade() as well as checking that "standard" users/groups exist. For example
  post_upgrade() {
  _addgroup optical -g 93
  _addgroup audio -g 92
  _addgroup video -g 91
  _addgroup systemd-network -g 193
  _adduser systemd-network -u 193 -g 193 -d / -s /usr/bin/nologin
  Yes, you may have git and ntp which were added by corresponding packages and "vanilla" passwd/group doesn't have these.
  Hence, there is no need to merge {group,passwd}.pacnew files manually, just rm them. They are _not_ like other config files. In fact, they probably shouldn't even be in the backup array of filesystem (just like resolv.conf).
  bstaletic wrote:Wiki says to do just what ukhippo suggested, and there's nothing about any of the groups I mentioned in the file.
  Yes, and wiki is the Ultimate Truth of course, right?

• JavaBeans handled properly in session scope only

  When implementing own ActionListeners and trying to retrieve data from
  the modified JavaBean, i get a nullpointer exception if the javabean is defined not in session-scope. In my example below, the bean "UserManager" can be acessed, if it is defined as session bean. Since this is not necessary, i would prefer this bean to be in request scope.
  public class UmaActionListener implements ActionListener {
       public void processAction(ActionEvent arg0)
            throws AbortProcessingException {
            String command = arg0.getActionCommand();
  FacesContext context = FacesContext.getCurrentInstance();
  if (command.equals("change")) {
  UserDataBean bean =
  ( UserDataBean)Util.getValueBinding("UserManager").getValue(          context);
  System.out.println("CHANGE="+bean.getEmail());

  The ActionListener code you quote should work fine if "UserManager" actually exists as a request attribute when the event handler is called. But you will have had to put the UserManager there already -- nothing in JavaServer Faces will do that automatically.
  Craig McClanahan

• Get ivi instrument handle from NISE Session

  In TestStand I begin my sequence with an niSE Open Session.vi and I then pass this NISE session reference around to other VI which use the niSE Connect and Disconnect VI's to connect/disconnect routes specified in MAX.  This works perfectly for me.  How do I convert this NISE session reference into an instrument handle for specific IVI devices in this NISE Session?  I want to be able to use the "ni Switch Get Relay Position.vi".  I tried using the "ni Get IVI device session.vi" but i get an error that says VI was stopped at IUseDCO.  What does this mean?  Is it possible to do what I'm asking?
  Thanks
  I'm using TestStand 3.5 and Labview 8.2
  Attachments:
  error.JPG ‏25 KB

  Hi Chad,
  The problem with the find route.vi is it just tells me if the path is available or not.  It doesn’t tell me what state the relay is in.  When using SPDT relays this is a problem.
  I’m using a 2570 card set for SPDT operation.  So if I do a find route after a reset on “Com->NO” and “Com->NC” both return path available.  I understand this because I have not made a connection call to either one.  If I make a call to connect “Com->NC” the relay changes states.   The connection then returns a path exists.  My problem comes when it comes time to disconnect.  Since it is a SPDT I have to first disconnect “Com->NC” then make a call to connect “Com->NO” (which is very annoying).  If someone just calls disconnect and I try to read the path availability both return path available again and the relay has changed state.  How do I know for sure which pole the common is connected to?
  If I open Switch Soft Front Panel it shows exactly what position the relay is in.  How do I get this info to labview?  This is why I was trying to get the instrument handle to the underlying IVI session so that I can look at individual relays instead of paths between endpoints.
  I hope this makes sense.  I know I can’t be the first one to have this problem, so if anyone has another solution I would appreciate any help.
  Thanks    

• How can I expire sessions?

  I would like to expire a session when the user is Idle for X minutes. Does somebody know if there is any parameter in the configuration of the oracle portal to do it? or something like this.
  I know that I can put a redirect javascript in all the pages that log user out when a countdown expire, but with this method I have some problems. One of them could be that, if the user open a new window from the browser4s window that have this countdown, and only work with the new window, the countdown of the parent window can expire and do the log out while user is working.
  I'm working with Oracle Portal V: 3.0.9.8.2.
  I find some information: RH AS 4 - Loading module "oracleasm": Unable to load module "oracleasm"
  If is possible I need another opinion.
  Thanks for all.

  Has anyone been able to expire a session in release one? I too am looking for this solution.

• Expires session on close of browser.

  Hi!
  I need to expires the session when user close the browser... someone
  can show me how do it ?
  tkz
  Tiago de Souza
  ticdd

  I dont think the session will be destroyed when the browser is closed, I believe the session will be still active in the server until it is timed out depending on the maxmimumInactive property value.
  but I have never tried removing the session when browser is closed

• Handling End of Sessions

  Hello,
            I want to handle end of a session. I want to redirect the user to the Login
            page when the session ends.
            What is the best way to do it? Is there an event that is generated when the
            session ends? If so how will my Servlet get that Event?
            I am using a combination of Html, Servlets, and JSP (transparently compiled
            to Servlets).
            Thanks in advance
            

            [email protected] wrote:
            > Thanks for the information. I understand how I can invalidate a
            > session.
            OK.
            > What I was looking for is a little different. How can I
            > FIND WHEN THE WEB LOGIC SERVER ENDS MY APPLICATION SESSION?
            > Do my application get an event so that I can invalidate the session
            > and send the user to the logon page?
            You cannot find when the WLS ends your session unless & until you write
            your own version of Event class.
            HttpSessionBindingListener is a best bet to implement this feature.
            (Causes an object to be notified when it is bound to or unbound from a
            session. The object is
            notified by an HttpSessionBindingEvent object)
            1. Create a class say NotifySessionTimeout that implements
            javax.servlet.http.HttpSessionBindingListener
            2. create an object of the above class and attach it to user session
            3. when the session is removed NotifySessionTimeout.valueUnbound( ) will
            be called by the servlet engine.
            4. you can implement valueUnbound( ) to do whatever you want.
            Kumar
            >
            >
            >
            >
            >
            >
            > Allamraju Kumarswamy wrote:
            >
            >> Sailaja--
            >>
            >> You can invalidate the current session by calling
            >> session.invalidate( ) .
            >> Where session is HttpSession's object.
            >>
            >> For this you might want to configure the session tracking in
            >> weblogic.properties file
            >>
            >> weblogic.httpd.session.enable=true (already set to true)
            >> weblogic.httpd.session.timeoutSecs=x
            >>
            >> Sets how long WebLogic waits before timing out a session, where x is
            >> the number of seconds between
            >> a session's activity.
            >>
            >>
            >> Hope this helps.
            >>
            >> Kumar
            >>
            >> Sailaja wrote:
            >>
            >> > Hello,
            >> >
            >> > I want to handle end of a session. I want to redirect the user to
            >> > the Login
            >> > page when the session ends.
            >> >
            >> > What is the best way to do it? Is there an event that is generated
            >> > when the
            >> > session ends? If so how will my Servlet get that Event?
            >> >
            >> > I am using a combination of Html, Servlets, and JSP (transparently
            >> > compiled
            >> > to Servlets).
            >> >
            >> > Thanks in advance
            >>
            [att1.html]
            

• Expire session if user makes backward

  Hi!
  How can i expire my page, when a user tries to make backward in browser??
  Bye,
  Telmo Cardoso

  In the first page you set one session varrible by session.setAttribute() method and in the next page you get the value of that varriable in some object and check object is null or not if null give session expiered error.
  On submit of that page in the next page at the end you first remove that session varriable by session.removeAttribute() hence when it come backword and try to resubmit againe Session Expiered error will fire.

• Action handler for timeout session

  Hi experts,
       When any web dynpro application stays inactive for a long time its session gets ended. When you want to access it you will get a error like The following error text was processed in the system ECN : User session (HTTP/SMTP/..) closed after timeout .
  Any idea how to catch this event i.e. when it is getting timedout?
  Thanks & Regards,
  Monishankar C

  Hi Aditya ,
    I have created a ui element 'Timed Trigger' in my view and also created a action. Now i have put a debugger in that and executed  my application. After some time the user session is get closed when i have tried use the application but the debugger not popped up.
  So how can i come to know this action has been triggered.
  Thanks & Regards,
  Monishankar C