How to handle session-timeout in producer-consumer(wsrp) environment.

Similar Messages

• How to set session timeout per user

  Hi,
  Ho do I set the session timeout per User in the
  Application.cfm File??
  I tried using
  <cfif SESSION.UID EQ 1>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
  </cfelse>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(1,0,0,0)#">
  </cfif>
  But this didnt work because the cfapplication seems to have
  to be at the top before I call the variable SESSION.UID which
  I set on my login page..
  Someone know how to do this??
  Regards
  Martin

  Martin,
  Your code example cannot work because the "session" scope
  doesn't exist until your application scope is defined. So you have
  to handle this manually. Here's how you can get it done. First,
  define your application to the maximum sessiontimeout you want to
  have.
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
  Then, I don't know how you are doing your login
  authentication but when you have authenticated the user, you need
  to define the userid and the most recent activity in the session.
  Also determine your timeout value based on the userid. See example:
  <CFIF IS_AUTHENTICATED>
  <CFSET session.user.uid = form.userid>
  <CFSET session.user.most_recent_activity = now()>
  <CFIF session.user.id eq 1>
  <CFSET session.user.timeout_mins = 20>
  <CFELSE>
  <CFSET session.user.timeout_mins = 1440>
  </CFIF>
  </CFIF>
  Now, all you have to do is check whether the user has been
  idle for too long and kill the session by purging all session
  variables. For example:
  <!--- if user id is defined, this means user is logged in
  --->
  <CFIF structKeyExists(session, "user") and
  structKeyExists(session.user, "id")>
  <!--- check if timeout has expired --->
  <CFIF datediff("n", session.user.most_recent_activity,
  now()) gt session.user.timeout_mins>
  <!--- timeout has expired, kill the session and log the
  user out --->
  <CFSET StructClear(session)>
  <!--- insert your logout code here --->
  <CFELSE>
  <!--- user hasn't timed out, so reset the most recent
  activity to now --->
  <CFSET session.user.most_recent_activity = now()>
  </CFIF>
  </CFIF>

• Handle Session Timeout

  I am using JDeveloper 11.1.1.6.
  I am trying to gracefully handle session time outs in ADF. My application has been experiencing the 'canned' ADF session timeout popup when I am logged into my application and the session has timed out. That same popup is rendered even if I am sitting at my login page but haven't signed in.
  I have followed Frank Nimphius's guidance as explained in the following forum to have my application re-direct to the login page after session timeout. That works great thanks to his well detailed document.
  ADF Faces : session timeout best practice
  The concern I have now is if I am sitting at my login page and my session times out, the application stays at the login page. I now type my credentials and click log in. Because the application thinks my session is timed out, I am taken back to the login page. Ideally I wouldn't think the login page would hold a session. Do you have any guidance on how I can get around this.

  Hi,
  what about using programmatic login, in which case the login form is part of a public page (see http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html for an example you can download)
  Frank

• Iplanet 4.1 - How to set session timeout for a specific application

  Hi everyone,
  I have a Iplanet 4.1 old web instance running on Solaris 8. We are using this web instance to connect to few application instances running on Websphere 3.5. We have upgraded most of our web/app to higher version except this.
  One of the websphere applications need more session timeout. (Which I fuguredout not possible to do on Websphere).
  How do I achieve this on Iplanet 4.1.
  NOTE: I referred to Iplanet 6.x where we can achieve this by updating web-app.xml timeOut value per URI. I do not find web-app.xml under v4.1
  Thanks in advance,

  Sorry to say that we can't help here. WS4.1 is obsolete a long time ago.
  As you mentioned that you should use WS6.1SPx or WS7.0 for your production and get support.

• Best way to handle session timeout

  Hello All,
  oracle 11g, Apex ver 3.1.2
  I am bit confused about the sessoin handling mecahnism for the users .
  Which is the best way to handle session for the users is it programatically or by DBA admin level.
  What are the pros and cons going DBA Level and Programmatica level.
  Before hand I got to have some information on hand for justification.
  thanks/kumar

  Hi,
  I've done a great deal of work with mobile accounts in Snow Leopard and I'm now having a "play" with Lion. To be honest you have to sit down and think about why you need mobile accounts.
  If your user only uses one computer then your safer having a local account backed up by a network Time Machine, this avoids the many many woes that the Servers FileSyncAgent brings to the table.
  If your users are going to be accessing multiple computers on the network and leaving the network then a mobile account is good for providing a uniform user experience and access to files etc. However, your users will have to make a choice as to whether they want their iPhoto libraries on one Local machine (backed up by Time Machine) or whether they want their library to be hosted on the server and not part of the Mobile Home Sync schedule (adding ~/Pictures to the excluded items on the home sync settings).
  With the latter, users will be able to access their iPhoto libraries on any computer when they are within the network (as it's accessed from the users server home folder).
  With the first option the user would have their iPhoto library on one computer (say the laptop they used the most) but then would not be able to access it from other computers they log on to.
  iPhoto libraries are a pain, and I'm working hard to come up with a workaround. If your users moved over to using Apeture then you could include the aperture library as part of the home sync thanks to Deeport (http://deepport.net/archives/os-x-portable-home-directories-and-syncing-flaw-wit h-bundles/)
  He does suggest that the same would work with IPhoto libraries - but it doesn't for a number of mysterious reasons regarding how the OS recognizes thie iPhoto bundle (it does so differently compared to Apeture).
  Hope this helps...

• Hi I have two questions. I am using NAS 4.1 and was wondering is it possible to set a different session timeout for different users? How is the session timeout set? Thanks, YS

   

  <i>I am using NAS 4.1 and was wondering is it possible to set a different session timeout for different users?</i>
  Um, there is no such thing as NAS4.1.
  I'm assuming that you mean NAS4.0 (maybe NAS4.0sp1?). If so, then the session timeouts are specified in the session section of the NTV configuration files.
  AFAIK, you can specify session timeouts on a per user basis.

• HOW TO FIX SESSION TIMEOUT IN ITUNES

  This seems to be a common problem all over the internet!
  I can't purchase and download ANYTHING from the itunes store! My internet connection is fine, I've tried changing the time, the time-zone (of the computer), I've reinstalled itunes, restarted the computer, refreshed my internet... I'm on a Mac OS X 10.4.11 with itunes 9.
  Itunes asks me to agree to the terms and conditions, I accept and then BAM ... session timeout.
  Someone help me please! Its driving me insane!

  error -1
  Attempt to restore your iOS device two more times. If the issue is still unresolved, the device may need service.
  Apple advice

• How to fetch session timeout from the server

  Hi
  I want to subscribe about the value of the session timeout value from the server 
  from time to time , is there any way in the flex or through blazeds to achieve 
  this . 
  Thanks 
  Akshat

  Ernie,
  thanks for your suggestions. It seems my problem can't be solved in a smart way. To your question: My server space is limited ( 1 GB ), I use currently about 2/3 of it.
  I have access to the mails via the web interface and therefore I could forward the mails to my account but I would like to have all mails local on my Mac with the original time stamps and format. But that's not the case for forwarded mails. In addition for sure the problem is not solved, if I cure the current symptoms and I have no idea if it's caused by an update of my Mac or by the server.
  Werner

• How to configure session timeout for SAP Netweaver Portal

  Hi,
  I would like to know the way to configure the session timeout for SAP Netweaver Portal.

  Hi Kim,
  the solution for your question  is in this thread.
  500 Connection timed out
  if it is helpful award me points.
  Regards,
  R.Suganya.

• How to handle sessions with two severs on one machine?

  All,
  I am having a problem with session cookies being overwritten when I host two apps on one machine running WebLogic 8.1 The apps are http://myserver:7300/app1 and http://myserver:7400/app2, and each runs in its own server.
  Users will often access both apps at once, in two browser windows. If the windows are different threads in the same process, the sessions collide. For Internet Explorer, this isn't usually a problem since clicking on the shortcut multiple times launches different processes by default. Some browsers (Firefox, etc.) won't let you have two windows under different processes. Attempts to launch a second window 'detect' the existing process and appear to spawn a new thread. When this happens there appears to be no way for the users to use both apps at once.
  I know this is happening because of the way session cookies are stored in the browser process' memory. The session cookies appear to me to be 'keyed' by the host name or ip address of the server. Does anyone know of a setting in WebLogic so that this 'key' includes the port or context root? Is this even something which can be controlled on the server side?
  Thanks for any help,
  Brian

  Not quite sure what your intent is, but if you want to avoid a clash how
  about giving each application a different default session cookie name.

• BC4J/UIX: How to implement session timeout and logout?

  Hi,
  I need to implement logout function in my UIX application. We use JAZN basic authentication. So several things need to be done when user clicks 'logout'
  1. Any pending transaction is rolled-back.
  2. App Module - what to do with it?
  3. Browser closes or redirects to other page. Any attempts to go BACK will show either 'session expired' or will redirect to login page.
  Also I need a mechanism where if user is idle for say, 10 minutes, that he/she will be automatically logout (maybe after some warning message). How to do this?
  Thanks
  Rade

  Well if you search long enough, you will find your own answers. After months of not having this solved, I found the solution, in a piece of sample code from oracle that is distro with the OC4J stuff.
  if (request.getRemoteUser() != null) {
       // notes that the application is responsible for cleanup
       //invalidate the HttpSession
       HttpSession session = request.getSession();
       session.invalidate();
       String url=null;
       oracle.security.jazn.oc4j.WebSSOUtil.globalLogout(response,url);
       } else      out.println("You are not logged in!");
       out.println("</BODY>");
       out.println("</HTML>");
  This is the piece I was looking for, a way to kill off the SSO session. Now when I click logoff, the user is actually logged off the application and their HTTP session is killed off as well.
  Kelly

• How to handle sessions in struts

  i have created a session. even after logout its not destroying the session.
  //here i am creating session object
  public ActionForward setupdate(ActionMapping mapping,ActionForm form,HttpServletRequest request,HttpServletResponse response) {
            ApplicationForm applicationForm = (ApplicationForm) form;
            String eid=applicationForm.getEid();
            HttpSession session = request.getSession(true);
            try {
                 PrintWriter out=response.getWriter();
                 if( applicationForm.getEid() != null && ! applicationForm.getEid().equals("") )
            session.setAttribute("User",applicationForm.getEid());
            System.out.println("you are logged in");
            out.println("you are logged in");
            } catch (IOException e) {
                 // TODO Auto-generated catch block
                 e.printStackTrace();
                      return mapping.findForward("update") ;
  //this my logout method
  public ActionForward logout(ActionMapping mapping,ActionForm form,
                 HttpServletRequest request,
                 HttpServletResponse response)
            { ApplicationForm applicationForm = (ApplicationForm) form;
            //PrintWriter out=response.getWriter();
            HttpSession session=request.getSession(false);
            try {
                 PrintWriter out=response.getWriter();
                 if(session == null)
                      out.println("FIRST YOU NEED TO LOGIN");
                      System.out.println("FIRST YOU NEED TO LOGIN");
                 else
                      out.println("THANKS FOR USING OUR APPLICATION!!!!");
                      System.out.println("THANKS FOR USING OUR APPLICATION!!!!");
                      out.println("id---->"+session.getId());
                      session.getAttribute("User");
                      session.invalidate();
            } catch (IOException e) {
                 e.printStackTrace();
            return mapping.findForward("logout");}
  please me help me out.
  saju

  You might want to check the API on that method again.
  public void setMaxInactiveInterval(int interval)
  Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A negative time indicates the session should never timeout.
  With regards to tracking who is logged on there are two issues.
  1 - tracking who is logged on
  - I would probably use a Map in application scope. Database table will also work. Its the same idea. When they log in, mark their presence. When they logout/expire then remove it.
  2 - responding to login/logout/expire events.
  - I would recommend using a HttpSessionBindingListener
  public class User implements HttpSessionBindingListener {
    String name;
    public User(String name){
      this.name = name;
    public void valueBound(HttpSessionBindingEvent event){
      // record login of this user
      if (userLoggedIn(this)){
        //user already logged in - throw an error and invalidate session
      else{
        // mark user as logged in.
    public void valueUnbound(HttpSessionBindingEvent event){
      // record logout of this user.
  }The code is invoked by the object being added/removed from a session.
  User user = new User("Bob");
  session.setAttribute("user", user);Cheers,
  evnafets

• How to handle session expiration in ATG

  Hi,
  We have a requirement wherein we have to redirect the user to a specific jsp when his session is expired. For example if a guest user is in cart page and is idle for more than 30 min he should be redirected to session expired page. We are using Apache web server and Jboss app server. Following are the ways i tried
  1. In Apache/conf/extra/httpd-vhosts.conf, I have set ErrorDocument 409 to session expired jsp - This is failed because jsp is not a static content and only static contents will be present in webserver. If it would have been a simple html (static) then this method would have worked fine I believe.
  2. In cart page I have set the sessionExpirationURL of cartformhandler to appropriate jsp, checkForValidSession to true, CheckSessionExpiration.expirationURL to same session expired jsp. I am not sure why this is not working.
  Please let me know the best way to handle this situation. Any suggestions would be appreciated.
  Regards,
  Avinash

  When user clicks any link on your page after session expired then you can redirect him to login page through your formhandler if a handleX() method was invoked by the request or you can use a filter which can check for something like profile.isTransient(). You can then redirect to the login page from your filter keeping a parameter of the original url to be used as login success url so that after login you can again redirect to the page that user originally intended to see.
  For detecting user idleness in browser, here is one of the possible approach using javascript by implementing a document level keyboard/mouse listener to detect user interaction in your page:
  <script type="text/javascript">
      var t;
      window.onload = resetTimer;
      document.onmousemove = resetTimer;
      document.onkeypress = resetTimer;
      function handleIdleTimedOut() {
          //alert("You are now logged out.");
          window.location.href = 'logout.jsp';
      function resetTimer() {
          clearTimeout(t);
          var timeoutPeriod = 1000 * 60 * 5;  //5 minutes       
          t = setTimeout(handleIdleTimedOut, timeoutPeriod);
  </script>Apart from this, you may also want to take a look at reverse ajax to send the timed out kind of notification to the browser with the help of a HttpSessionListener:
  http://directwebremoting.org/dwr/documentation/reverse-ajax/index.html
  Hope this helps.
  Edited by: Nitin Khare on Aug 23, 2012 12:15 AM

• How to Handle Connection Informatin in a Multi-User Environment

  Hello,
  I am trying to setup SQL Developer on a Terminal Services box where multiple users will have access to use this tool. However, I have noticed that conenction details are shown globally on a Terminal Services box to anyone who has access to use SQL Developer.
  Is there a way to force these connection details to be stored in a user's Documents and Settings directory?
  Thanks in advance...
  Tom

  After digging through the forum a bit, I have found that I can use the following switch in my shortcut to SQLDeveloper to achive this.
  C:\oracle\sqldeveloper\sqldeveloper.exe -J-Dide.user.dir="%USERPROFILE%\.SQLdeveloper"
  I tried to modify the SQLDeveloper.boot but that did not seem to work correctly. The above mentioned switch updates the "c:\documents and settings\%username%\.sqrdeveloper" with all password related information and SQL history that was important to meet our security requirements. We updated the shortcut in the AllUsers profile and this seems to work globally.
  The only bad thing about this approach is that anyone can go into %AppData%\sqldeveloper.exe and run it without using the shortcuts. This would bypass the security precaution.
  Is there a better way to approach this?
  Regards,
  Tom

• ADF BC/ Faces - Session Timeouts in dialogs

  Hi,
  I was wondering if anyone has worked out how to handle session timeouts in dialogs? I have an application which has a shopping cart style dialog which is sized at 800x630 and launched from a main page. When the users session times-out they get the login screen within the dialog. How can I get the dialog to return to the main page and get the user to login there?
  Brenden

  Use the ADF Dialog in conjuncion with the af:poll component. The closing of the dialog is handled by a listener called a returnListner. See the blog entries below for complete details on how to use the dialog framework and its associated listeners.
  http://groundside.com/blog/DuncanMills.php?title=modal_dialogs_in_jsf_with_adf_faces&more=1&c=1&tb=1&pb=1
  http://thepeninsulasedge.com/blog/2006/08/31/adf-faces-working-with-aftableselectone-and-the-dialog-framework/