HTTP is a stateless protocol

Similar Messages

• ECXpert3.5- How to setup HTTP-SSL for xml protocol

  Hi,
  We are using ECXpert3.5 on Solaris box. One of our Trading Partner want to communicate through HTTP-SSL and we are doing XML/EDI mapping. Could you guide us what steps we need to take care to implement this.
  How the external system will talk to ECXpert for transferring files.(We need the syntax for the URL). Could you suggest how to setup the HTTP SSL for XML protocol to receive xml files from remote system.
  Thanks in advance for your help!
  Regards,
  Ravi.

  Hi,
  We are using ECXpert3.5 on Solaris box. One of our Trading Partner want to communicate through HTTP-SSL and we are doing XML/EDI mapping. Could you guide us what steps we need to take care to implement this.
  How the external system will talk to ECXpert for transferring files.(We need the syntax for the URL). Could you suggest how to setup the HTTP SSL for XML protocol to receive xml files from remote system.
  Thanks in advance for your help!
  Regards,
  Ravi.

• J2EE Transactions and HTTP

  Hi,
  This was the closest place I could find to post this question;
  Lets say I have two servers with which I interact - one via jdbc and the other via http, and I execute updates to both of them.
  My question is if anyone has some insights to share with me regarding transaction synchronization between the two. Offcourse, http is a "stateless" protocol, but lets say I can provide "command based" transactional behavior. I was wondering how reasonable it would be to implement a java connector for the http connections, and have the application-server deal with the transaction "decisions". another possibility woulb be to implement a "JTA-like" infrastructure through which I will route my resource-managers interactions. The latter possibility frees me from the need to code a robust implementation of the JCA spec.
  And offcourse, I can simply have no infrastructure and just code the "transactional" behavior into each business method.
  Can anyone share his expirience on similar issues?
  Thanks,
  Uri.

  I think you have two 'problems' intermixed here:
  -The first is the repeatable read setting, causing the first scenario.
  What I think happens is the following:
  Client1: read lock database record (XX)
  Client2: read lock database record (XX)
  Client2: write new value (BB) in record -> wait for some time, because Client1 has read lock!
  Client1: write new value (AA) in record -> wait for some time, because Client2 has read lock!
  Client2: lock wait timeout -> abort, release read lock, value is still XX
  Client1: write lock granted -> update and commit, value is AA
  -As for the second execution: you set the value to XX in the database. Obviously there must be a synchronization problem, because Client 1 does not read or update the database.
  That is why the database-level locks don't interfere as before and Client2 can just execute entirely, and the result in the database is BB. I am not sure why this happens, but my first guess would be that CMP with this manual interference (setting the DB to XX again) is tricky.
  Guy

• How can I use active user session that's in an application scope Hashtable?

  First of all, is it possible to use the same session after a user exits and then returns?
  Second, if it is possible, then please tell me what I need to do. So far, this is what I have been doing...
  1.) The user submits login credentials
  2.) The user is authenticated.
  3.) The user does not have an existing session, so a new one is created.
  4.) The user closes the browser.
  5.) The user returns to login page and submits login credentials.
  6.) The user is authenticated.
  7.) The user has an existing session, so it should be used.
  This is where I'm having trouble. All active sessions for my application are stored in a Hashtable. I have been using <%@ page session="false" %> so that a new session is not automatically created. Each time before I create a new session, I check my Hashtable to see if that user has an existing session. If a session exists for that user, then I would like to continue using that session if possible. I have used the methods request.getSession() and request.getSession(false), but a new session is always returned.
  I could create a new session, copy the attributes from the old session(which is stored in my Hashtable) to the new session, and then invalidate the old session, but I'd rather not do that.
  Is there a way that I can use existing sessions that I have stored in my Hashtable?

  First of all, is it possible to use the same session after a user exits and then returns?No, I don't think so. Let me explain why. When the server creates a session object for each client, it needs to know which client is making the request. Remember that HTTP is a stateless protocol. Every time a client makes a request, it sends some sort of session id to the server to let the server know who is trying to make the request. The server will then check to see if a session object exists for that particular client and if so, it will make sure that the max inactive interval (maximum time alloted for that client's session) has not been exceeded. If every thing is okay, then the client can access the session object to get values that were previously placed there. There are many ways that servers try to keep track of clients. One way is to have the clients write the session ID using cookies. But, many people like disallow cookies. So some servers do what is known as URL rewriting. That is, they will write the session ID on the end of the query string. This can also be accomplished programmatically, but it can be taxing to do. Anways, the point is that the client and the server have to have some sort of link between each other and that link is the session ID. So, if the browser is closed, the session ID is lost. That particular client will be forced to get a new session ID the next time the following code is executed:
  //create a session object and set its values
  HttpSession session = request.getSession(true);>
  Second, if it is possible, then please tell me what I
  need to do. So far, this is what I have been doing...
  1.) The user submits login credentials
  2.) The user is authenticated.
  3.) The user does not have an existing session, so a
  new one is created.
  4.) The user closes the browser.
  5.) The user returns to login page and submits login
  credentials.
  6.) The user is authenticated.
  7.) The user has an existing session, so it should
  be used.If you really want to do something like this, you could make up your own ID and store it as a cookie on the client. I've never tried anything like this before so you would have to do your own research. Are you sure you want to do something like this. There is a reason why it works the way it does. There is also a reason why you want to keep the session timeout value some what small. Let me give you an example of some craziness with sessions. A client we once had wanted to keep their sessions open for 4 hours because they said there clients simply did not like to log in all the time. I nearly gasped when I was told we needed to do this. When you make the session time out large (i.e. the maxInactiveInterval( )), then session objects stick around longer in the server. Let's say a client logs into the server and receives a session object. Then, the client makes a few requests. The server knows to keep the session alive as long as the time between requests has not exceeded 4 hours. Then the client closes the browser. How is the server suppose to know that the browser was closed. Well, it doesn't. It just knows to check times between requests. So, that particular session object won't be garbage collected until the session times out. What if a whole bunch of clients did this. Yucko. The server would have a whole bunch of session objects living in memory. What a waste. This is all above and beyond the typical security problems that can arise from having a session open for so long. To make a long story short, you really shouldn't do what you are trying to do unless it is the nature of the app.
  >
  This is where I'm having trouble. All active sessions
  for my application are stored in a Hashtable. I have
  been using <%@ page session="false" %> so that a new
  session is not automatically created. Each time
  before I create a new session, I check my Hashtable
  to see if that user has an existing session. If a
  session exists for that user, then I would like to
  continue using that session if possible. I have used
  the methods request.getSession() and
  request.getSession(false), but a new session is
  always returned.
  I could create a new session, copy the attributes from
  the old session(which is stored in my Hashtable) to
  the new session, and then invalidate the old session,
  but I'd rather not do that.
  Is there a way that I can use existing sessions that I
  have stored in my Hashtable?

• How can I accomodate for JSessionId in my dynamic links?

  Hey,
  I have dynamic links that are producing "Page not found" errors because of the appended jsessionid.
  Example:
  desired url = http://www.allhonours.ie/Ask/viewq.do?qId=52
  actual url = http://www.allhonours.ie/Ask/viewq.do;jsessionid=2333E4463870ED22CEB657D8DF2380CD?qId=52
  I'm using JBoss/Tomcat and struts.
  I understand that jsessionid is appended when cookies are disabled on the client side.
  Is there any solution to this problem? I know if the page is refreshed, I get the desired url!!
  Ideally I want a session as I store certain info on the session but I dont want jsessionid disrupting my links!
  Any ideas?
  Cheers in advance
  -pb

  You would have to stop tracking the session with cookies and start
  tracking the session on the server.um. how?
  The whole point of the cookie/url rewriting is for the client to identify itself uniquely to the server. HTTP is a stateless protocol. The only way you can run a session, is if each request sends along extra information identifying itself as belonging to a particular session - the jsessionid.
  If cookies are enabled, it sends this data as a SESSION cookie (one that disappears when your browser closes - ie it is not saved to your hard disk) Otherwise it has to use URL rewriting.
  I have dynamic links that are producing "Page not found" errors
  because of the appended jsessionid.Appending the jsessionid should not disrupt your links, unless you are doing something funny with them. Do you process the URL yourself in anyway?
  What version of Tomcat/Struts are you using? Are you putting the jsessionid in there, or is it coming automatically?
  Basically I don't see any way around your problem, short of writing your own session handling mechanism. (bad idea)

• How to keep alive a session in Web Services?

  I have to do my project, that will be including some following features:
  1. Login to Application through Web Services method. For example:
  http://mydomain.com/web-services/Login?WSDL
  2. After logging in, use mySms method to send message to Cellphone through Web Services! For example:
  http://mydomain.com/web-services/mySms?WSDL
  My questions are:
  1. How can I keep alive the session after logging in the application in Web Services? In Web, I can use "Session".
  2. If someone has not logged in the Application, he/she could not use mySms method for sending Sms. How can I do that?
  3. I know, when I invoke a Web Services, one JavaBean has been called, and this bean is persistence with his own states. It means, if I set value to parameters of this bean, these values are persistence for invoked methods by other persons.
  For example:
  mySms bean has a private field "jid" inited with NULL value.
  Person A invoked mySms.
  Then, A set jid of mySms to value "A".
  Person B invoked mySms. B got jid value. He receive the result value is "A".
  The question is, how can I set mySms bean so that mySms bean is not persistence?
  Thanks many!

  Hi,
  I can right away answer your FIRST Question.
  Since WebServices are PURELY Based on SOAP which is in tern based on HTTP, they rely on a Stateless protocol.
  I am sure you know that the HTTP is the STATELESS Protocol and so you can not maintain Session and so EACH Http REQUEST is considered as a SEPERATE REQUEST.
  Now, still you want to maintain the Session in WebServices,
  The simple answer is PASSING PARAMETERS.
  Just Maintain your Session on Client (If you are using JSPs or Servlets to CAll WEBSERVICES then maintain Session through your HTTPSession) and each time you Invoke WebService PASS ON REQUIRED Parameters.
  This Approach is Exactly like your URL REWriting OR your Parameters Passing through QUERY STRINGS.
  I hope you got what I am saying!
  Take care,
  Himanshu/

• Differences between cookies and sessions

  Hi there,
  I want to learn the differences between sessions and cookies in PHP.Please help me.
  Please let me know if there any video demonstrations that explain sessions and cookies.
  Thanks in advance.

  Cookies and server side sessions are related in that they are both ways to persist data. This is required because of the fact that http is a stateless protocol, meaning that each request and response are independent transactions. Cookies are stored on the client. You might use them to store the contents of a shopping cart, or a user login id for a particular site. Or you could store a setting so that the user is automatically logged in, similar to what occurs here in the adobe site / forums. You can set various options for when cookies expire. Cookies that persist when the browser is closed are store in files, otherwise they could be store in memory only. Cookies can be created using either client or server side code.
  Server side sessions are created on the server with a server side scripting language. A session id is generated and stored as a token on the client (in an in memory cookie) so that the server can track requests from the same originating client. Session variables are ways to store data related to the session on the server. Sessions use server resources which is why you should only use them when necessary and destroy them when done. When the session is destroyed, the session variables are gone so if you want to keep them for later you can store them in a database or store them in a cookie.
  HTTP cookie - Wikipedia, the free encyclopedia
  Hope that helps

• [JAXM] Several call to same servlet does not work

  I have a working jaxm client, which works fine. But for test purpose I wanted to send several requests to my server using the same connection.
  If I do // Send the message
  reply = connection.call(message, endpoint); it works fine.
  But if I try this:// Send the message
  reply = connection.call(message, endpoint);
  // Send it again
  reply = connection.call(message, endpoint);the first call success, but the second one crashes and
  I get the following exception in my client :java.io.FileNotFoundException: http://localhost:7001/SOAPRPCRouterServlet
          at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:545)
          at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:230)
          at com.sun.xml.messaging.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:203)
          at com.sun.xml.messaging.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:110)
          at java.security.AccessController.doPrivileged(Native Method)
          at com.sun.xml.messaging.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:89)And the following one in my server (weblogic 5.1) :Fri Jan 04 11:13:58 CET 2002:<E> <HTTP> Connection failure
  java.net.SocketException: Connection shutdown: JVM_recv in socket input stream read
          at java.net.SocketInputStream.socketRead(Native Method)
          at java.net.SocketInputStream.read(SocketInputStream.java:86)
          at weblogic.socket.JavaSocketMuxer.processSockets(JavaSocketMuxer.java:209)
          at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:23)
          at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)I tried to build a new message, but the result is exaclty the same.
  Does I do things in the wrong way (maybe connection must be closed and reopen for each message, but I didn't found anything about this in the doc) or is it a bug in JaxM ?

  I have a possible suggestion. The reference implementation sends a SOAP message via the HTTP protocol. The standard HTTP protocol approach is to open a connection, perform the operation, and then close the connection. I have a feeling that once you have used the SOAPConnection object to send and retrieve the message, the underlying HTTP connection is automatically closed.HTTP is a stateless protocol so once the server has delivered the request, it closes the connection and has no memory of the reuqest. Hence you cannot send subsequent requests on the same HTTP connection, any attempts to do so result in the errors that you see. What you will have to do is open up a new SOAPConnection object for each new message sent.
  Hope this helps.

• Oracle Applications 11i Load Balancing does not work with RAC one Node

  Hi all,
  Could you help me to resolve this issue.
  Architecture environment is :
  - One APPS tier node
  - Two nodes Oracle Database Appliance (Primary node 1 holds INSTANCE_1 et Secondary node is configurured to holds INSTANCE_2), i.e RAC one Node.
  - The primary node have instance_name SIGM_1 and the secondary node have instance_name SIGM_2, but in RAC one node, the secondary instance is not alive.
  We convert our EBS 11i environment to RAC following note ID Using Oracle 11g Release 2 Real Application Clusters with Oracle E-Business Suite Release 11i [ID 823586.1].
  When testing Database failover, Oracle Applications 11i load balancing does not work anymore.
  The root cause is that, when the primary node of the Rac one node is down, the INSTANCE_NAME_1 is automaically relocating to the surviving node,.
  During test failover, we imagine that when the primary node goes down, the secondary node start or relocate database with instance_name SIGM_2, and in that case the Oracle Applications load balancing works.
  Currently, when the primary node goes down, the instance_name SIGM_1 is relocated on the secondary node, which cause failure of Oracle Applications Load Balancing.
  Thank you for your advice.
  Moussa

  This is something I observed a long time ago for Safari (ie: around version 1). I'm not sure this is Safari, per se, but OpenSSL that is responsible for the behavior. I'm pretty sure Chrome does this and I've seen some Linux browsers do it.
  What I have done at the last two companies I've worked for is recommend that our clients do not use SSL SessionID as the way of tracking sticky sessions on web servers, but instead using IP address. This works in nearly all cases and has few downsides. The other solution is to use some sort of session sharing on your web servers to mitigate the issue (which also means that your web servers aren't a point of failure for your users' sessions). (One of the products I supported had no session information stored on the web servers, so we could safely round-robin requests, the other product could be implemented with a Session State Server... but in most cases we just used IP address to load balance with). The other solution is to configure your load balancer to terminate the SSL tunnel. You get some other benefits from this, such as allowing your load balancer to reduce the number of actual connections to the web servers. I've seen many devices setup this way.
  One thing to consider through this is that - due to the way internet standards work - this really can't be termed a bug on anyone's part. There is no guarantee in the SSL/TLS standards that a client will return the same SSL Session ID for each request and there is not requirement that subsequent requests will even use the same tunnel. Remember, HTTP is a stateless protocol. Each request is considered a new request by the web server and everything else is just trickery to try and get it to work the way you want. You can be annoyed at Safari's behavior, but it's been this way for over 5 years by my count, so I don't expect it to change.

• HOW TO MANAGE THE SESSION IN JSF 2.0

  Hi to All.
  I need your help, I am beginner in JSF 2.0, and wanted to know how the sessions work on jsf 2.0?. If you could send a small example.
  I need my web application is safe, for example I have a web page users.xhtml to this web page must be entered after the login.xhtml loggedin and redirect if it is not.
  On the other hand need to handle logout in my web application.
  I hope I can help.
  I thank you in advance for your help.
  Greetings.

  This may help you...
  1. What is Session Tracking?
  There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on-line shopping, it is a real annoyance that the Web server can't easily remember previous transactions. This makes applications like shopping carts very problematic: when you add an entry to your cart, how does the server know what's already in your cart? Even if servers did retain contextual information, you'd still have problems with e-commerce. When you move from the page where you specify what you want to buy (hosted on the regular Web server) to the page that takes your credit card number and shipping address (hosted on the secure server that uses SSL), how does the server remember what you were buying?
  There are three typical solutions to this problem.
  1. Cookies. You can use HTTP cookies to store information about a shopping session, and each subsequent connection can look up the current session and then extract information about that session from some location on the server machine. This is an excellent alternative, and is the most widely used approach. However, even though servlets have a high-level and easy-to-use interface to cookies, there are still a number of relatively tedious details that need to be handled:
  * Extracting the cookie that stores the session identifier from the other cookies (there may be many, after all),
  * Setting an appropriate expiration time for the cookie (sessions interrupted by 24 hours probably should be reset), and
  * Associating information on the server with the session identifier (there may be far too much information to actually store it in the cookie, plus sensitive data like credit card numbers should never go in cookies).
  2. URL Rewriting. You can append some extra data on the end of each URL that identifies the session, and the server can associate that session identifier with data it has stored about that session. This is also an excellent solution, and even has the advantage that it works with browsers that don't support cookies or where the user has disabled cookies. However, it has most of the same problems as cookies, namely that the server-side program has a lot of straightforward but tedious processing to do. In addition, you have to be very careful that every URL returned to the user (even via indirect means like Location fields in server redirects) has the extra information appended. And, if the user leaves the session and comes back via a bookmark or link, the session information can be lost.
  3. Hidden form fields. HTML forms have an entry that looks like the following: <INPUT TYPE="HIDDEN" NAME="session" VALUE="...">. This means that, when the form is submitted, the specified name and value are included in the GET or POST data. This can be used to store information about the session. However, it has the major disadvantage that it only works if every page is dynamically generated, since the whole point is that each session has a unique identifier.
  Servlets provide an outstanding technical solution: the HttpSession API. This is a high-level interface built on top of cookies or URL-rewriting. In fact, on many servers, they use cookies if the browser supports them, but automatically revert to URL-rewriting when cookies are unsupported or explicitly disabled. But the servlet author doesn't need to bother with many of the details, doesn't have to explicitly manipulate cookies or information appended to the URL, and is automatically given a convenient place to store data that is associated with each session.
  2. The Session Tracking API
  Using sessions in servlets is quite straightforward, and involves looking up the session object associated with the current request, creating a new session object when necessary, looking up information associated with a session, storing information in a session, and discarding completed or abandoned sessions.
  2.1 Looking up the HttpSession object associated with the current request.
  This is done by calling the getSession method of HttpServletRequest. If this returns null, you can create a new session, but this is so commonly done that there is an option to automatically create a new session if there isn't one already. Just pass true to getSession. Thus, your first step usually looks like this:
  HttpSession session = request.getSession(true);
  2.2 Looking up Information Associated with a Session.
  HttpSession objects live on the server; they're just automatically associated with the requester by a behind-the-scenes mechanism like cookies or URL-rewriting. These session objects have a builtin data structure that let you store any number of keys and associated values. In version 2.1 and earlier of the servlet API, you use getValue("key") to look up a previously stored value. The return type is Object, so you have to do a typecast to whatever more specific type of data was associated with that key in the session. The return value is null if there is no such attribute. In version 2.2, getValue is deprecated in favor of getAttribute, both because of the better naming match with setAttribute (the match for getValue is putValue, not setValue), and because setAttribute lets you use an attached HttpSessionBindingListener to monitor values, while putValue doesn't. Nevertheless, since few commercial servlet engines yet support version 2.2, I'll use getValue in my examples. Here's one representative example, assuming ShoppingCart is some class you've defined yourself that stores information on items being purchased.
  HttpSession session = request.getSession(true);
  ShoppingCart previousItems =
  (ShoppingCart)session.getValue("previousItems");
  if (previousItems != null) {
  doSomethingWith(previousItems);
  } else {
  previousItems = new ShoppingCart(...);
  doSomethingElseWith(previousItems);
  In most cases, you have a specific attribute name in mind, and want to find the value (if any) already associated with it. However, you can also discover all the attribute names in a given session by calling getValueNames, which returns a String array. In version 2.2, use getAttributeNames, which has a better name and which is more consistent in that it returns an Enumeration, just like the getHeaders and getParameterNames methods of HttpServletRequest.
  Although the data that was explicitly associated with a session is the part you care most about, there are some other pieces of information that are sometimes useful as well.
  * getId. This method returns the unique identifier generated for each session. It is sometimes used as the key name when there is only a single value associated with a session, or when logging information about previous sessions.
  * isNew. This returns true if the client (browser) has never seen the session, usually because it was just created rather than being referenced by an incoming client request. It returns false for preexisting sessions.
  * getCreationTime. This returns the time, in milliseconds since the epoch, at which the session was made. To get a value useful for printing out, pass the value to the Date constructor or the setTimeInMillis method of GregorianCalendar.
  * getLastAccessedTime. This returns the time, in milliseconds since the epoch, at which the session was last sent from the client.
  * getMaxInactiveInterval. This returns the amount of time, in seconds, that a session should go without access before being automatically invalidated. A negative value indicates that the session should never timeout.
  2.3 Associating Information with a Session
  As discussed in the previous section, you read information associated with a session by using getValue (or getAttribute in version 2.2 of the servlet spec). To specify information, you use putValue (or setAttribute in version 2.2), supplying a key and a value. Note that putValue replaces any previous values. Sometimes that's what you want (as with the referringPage entry in the example below), but other times you want to retrieve a previous value and augment it (as with the previousItems entry below). Here's an example:
  HttpSession session = request.getSession(true);
  session.putValue("referringPage", request.getHeader("Referer"));
  ShoppingCart previousItems =
  (ShoppingCart)session.getValue("previousItems");
  if (previousItems == null) {
  previousItems = new ShoppingCart(...);
  String itemID = request.getParameter("itemID");
  previousItems.addEntry(Catalog.getEntry(itemID));
  // You still have to do putValue, not just modify the cart, since
  // the cart may be new and thus not already stored in the session.
  session.putValue("previousItems", previousItems);
  3. Example: Showing Session Information
  Here is a simple example that generates a Web page showing some information about the current session. You can also download the source or try it on-line.
  package hall;
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import java.net.*;
  import java.util.*;
  /** Simple example of session tracking. See the shopping
  * cart example for a more detailed one.
  * <P>
  * Part of tutorial on servlets and JSP that appears at
  * http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/
  * 1999 Marty Hall; may be freely used or adapted.
  public class ShowSession extends HttpServlet {
  public void doGet(HttpServletRequest request,
  HttpServletResponse response)
  throws ServletException, IOException {
  HttpSession session = request.getSession(true);
  response.setContentType("text/html");
  PrintWriter out = response.getWriter();
  String title = "Searching the Web";
  String heading;
  Integer accessCount = new Integer(0);;
  if (session.isNew()) {
  heading = "Welcome, Newcomer";
  } else {
  heading = "Welcome Back";
  Integer oldAccessCount =
  // Use getAttribute, not getValue, in version
  // 2.2 of servlet API.
  (Integer)session.getValue("accessCount");
  if (oldAccessCount != null) {
  accessCount =
  new Integer(oldAccessCount.intValue() + 1);
  // Use putAttribute in version 2.2 of servlet API.
  session.putValue("accessCount", accessCount);
  out.println(ServletUtilities.headWithTitle(title) +
  "<BODY BGCOLOR=\"#FDF5E6\">\n" +
  "<H1 ALIGN=\"CENTER\">" + heading + "</H1>\n" +
  "<H2>Information on Your Session:</H2>\n" +
  "<TABLE BORDER=1 ALIGN=CENTER>\n" +
  "<TR BGCOLOR=\"#FFAD00\">\n" +
  " <TH>Info Type<TH>Value\n" +
  "<TR>\n" +
  " <TD>ID\n" +
  " <TD>" + session.getId() + "\n" +
  "<TR>\n" +
  " <TD>Creation Time\n" +
  " <TD>" + new Date(session.getCreationTime()) + "\n" +
  "<TR>\n" +
  " <TD>Time of Last Access\n" +
  " <TD>" + new Date(session.getLastAccessedTime()) + "\n" +
  "<TR>\n" +
  " <TD>Number of Previous Accesses\n" +
  " <TD>" + accessCount + "\n" +
  "</TABLE>\n" +
  "</BODY></HTML>");
  public void doPost(HttpServletRequest request,
  HttpServletResponse response)
  throws ServletException, IOException {
  doGet(request, response);
  }

• Orawsv performance tunning and debugging

  Hi all ,
  first I hope I've reached the right forum .
  we've developed a .net <--> oracle application , which use oracle web services a lot , and it is great since it reduce our development time (no need to setup middle tier application server for webservice)
  However , when trying to scale/stress the solution we've encountered serveral issues , which I would like to know if others has them as well:
  1. it seems that the servlet is opening a db connection for every call , this seems a little expensive (I've not tested yet if it a logical connection using shared server of dedicate one -- anyone know ?? ) .
  it there a way to tell the servlet to work with connection pool ? or keep the connections open ?
  2. if i want to profile/debug/monitor the servlet ? where are the logfiles ?
  it seems that the listener log is written for every call (which make sence ) but the it grows big
  3. I want to know if anyone is using it on production with large scale (about 100 request per min ) ? or should i think on using web-service middle tier .?
  thanks amihay .
  we are using 11.2.0.1 on windows 2008 64 bit .

  All HTTP activity, including WebServices is handled using Shared Server mode, since HTTP is a stateless protocol.
  Make sure you have enought shared servers configured to handle the number of concurrent requests you expect to service.
  The HTTP Server does not log. If you need logging you will need to wrap the procedures you want to call with one that logs..
  100 Requests a min should not be a problem assuming you have sufficient horsepower on the box and sufficient shared servers configured. However it was never desinged or intended to scale to 1000's per second. For that you should be using a full mid-tier implementatin.

• Refresh my memory (stat counters)

  A client has asked for a stat counter on each page of their
  web site....yuk.
  What's the technical information about why these are not a
  good idea? I
  would just usually say f--k off tosser but I need to be a bit
  more
  diplomatic and convincing by provide an alternative option
  for getting
  that information. (hey after all I'm dealing firstly with
  graphic
  designers and secondly the client themselves, not a great
  mix)
  I know counters don't provide any 'real' information but I
  need to put
  forward a convincing argument as to why they don't. I also
  need to
  provide an alternative method as to get access to how many
  visitors have
  accessed certain pages. This is done via the web stats right?
  Do all
  servers provide easy access to web stats. I'm not hosting
  this
  particular site someone else provided that part of the
  service so I
  don't know what's available.
  As an aside note is there a resource where I can download
  little icons
  of master/visa cards. I could just get them from any site I
  guess but
  does an official resource exist?
  Cheers,
  Os

  > Hummmm so trying to find out how many visitors access
  the site is a
  > pointless excerise?
  Yes, as far as these client-side counters go. Ask the client
  what kind of
  information they expect to get from this.
  Murray --- ICQ 71997575
  Adobe Community Expert
  (If you *MUST* email me, don't LAUGH when you do so!)
  ==================
  http://www.projectseven.com/go
  - DW FAQs, Tutorials & Resources
  http://www.dwfaq.com - DW FAQs,
  Tutorials & Resources
  ==================
  "Osgood" <[email protected]> wrote in
  message
  news:[email protected]...
  > Michael Fesser wrote:
  >> .oO(Osgood)
  >>
  >>> A client has asked for a stat counter on each
  page of their web
  >>> site....yuk.
  >>>
  >>> What's the technical information about why these
  are not a good idea?
  >>
  >> The information can _never_ be accurate, because
  there's no way to
  >> identify a particular user. HTTP is a stateless
  protocol. There could be
  >> a single user with a dozen different IP addresses or
  a hundred users all
  >> with the same IP. The first would be counted as a
  dozen visitors, the
  >> latter would usually only count as one, because most
  counter scripts
  >> keep track of the IP addresses to prevent simple
  page reloads to
  >> increase the counter.
  >
  > Yup.....I'll snip that piece of info and use it.
  >
  >
  >> So something like "1234 visitors since ..." really
  means _nothing_. In
  >> fact it could also have been just 100 or even 10000
  real visitors. Stat
  >> counters are as accurate as rolling a dice. You
  could also use a script
  >> that increases the counter every hour by a randomly
  chosen number ...
  >
  > ok, I hope the client doesn't mis-interpret this as "I
  don't know how to
  > include a stat counter' ....hmmmm. At the moment I seem
  to always be
  > advising clients the best options without the real
  conviction of knowing
  > if they are totally satisfied with my
  answers.....bummer.
  >
  >
  >>> I know counters don't provide any 'real'
  information but I need to put
  >>> forward a convincing argument as to why they
  don't. I also need to
  >>> provide an alternative method as to get access
  to how many visitors have
  >>> accessed certain pages. This is done via the web
  stats right?
  >>
  >> Yes. Every webserver writes access and error
  logfiles. The raw logs are
  >> hard to understand, but there are a lot of logfile
  analyzers available.
  >> On my servers for example AWStats is already
  installed.
  >>
  >>> Do all servers provide easy access to web stats.
  >>
  >> Logs - yes, analyzers - no. The latter have to be
  installed separately
  >> on the server or you would have to use a stand-alone
  program. Then you
  >> just have to download the raw server logs and feed
  them to the analyzer.
  >
  > That's what I thought. I dont really want to get
  involved with analyers
  > myself as I wouldn't get paid to do so. I'm not sure if
  this client is up
  > to anything other than the simplest procedure to access
  this information.
  >
  >> But remember: HTTP is stateless. What was said above
  about counters also
  >> applies to the logfiles. The informations presented
  by an analyzer can
  >> never be accurate, they're also based on assumptions
  and estimations.
  >> Different analyzers use different algorithms, so
  you'll get different
  >> results from the same logs!
  >
  > Hummmm so trying to find out how many visitors access
  the site is a
  > pointless excerise?
  >
  >>> As an aside note is there a resource where I can
  download little icons
  >>> of master/visa cards. I could just get them from
  any site I guess but
  >>> does an official resource exist?
  >>
  >>
  http://images.google.com ;-)
  >
  >> I usually look there first if I can find something
  useful. In case of
  >> such logos I look for images with the best quality
  and modify/resize
  >> them in my image editor as needed. Of course I never
  use downloaded
  >> images directly in my own projects (unless it's
  allowed explicitly).
  >> I always modify them or just use them as a template
  for my own work.
  >>
  >> For an official source I would probably look at the
  company's websites
  >> first.
  >
  > Yeah ok....I was just being a it lazy....its Friday lol.
  >
  >
  > Thanks for the input. I'll definitely use some of it to
  put up an argument
  > as to why counters are pretty pointless.

• What is session tracking in servlets?

  Hi ,
  I'm studying servlets I don't have the clear idea about session tracking and Why and where we need to use it. Can any one say about this.....
  Thanks in advance,
  Maheshwaran Devaraj

  Well Mheshpmr session tracking in servlets is very important...There are a number of problems that arise from the fact that HTTP is a "stateless" protocol. In particular, when you are doing on-line shopping, it is a real annoyance that the Web server can't easily remember previous transactions. This makes applications like shopping carts very problematic: when you add an entry to your cart, how does the server know what's already in your cart? Even if servers did retain contextual information, you'd still have problems with e-commerce. When you move from the page where you specify what you want to buy (hosted on the regular Web server) to the page that takes your credit card number and shipping address (hosted on the secure server that uses SSL), now let me tell you, how does the server remember what you were buying?
  Well There are three typical solutions to this problem.
  1. Cookies. You can use HTTP cookies to store information about a shopping session, and each subsequent connection can look up the current session and then extract information about that session from some location on the server machine. This is an excellent alternative, and is the most widely used approach. However, even though servlets have a high-level and easy-to-use interface to cookies, there are still a number of relatively tedious details that need to be handled:
  * Extracting the cookie that stores the session identifier from the other cookies (there may be many, after all),
  * Setting an appropriate expiration time for the cookie (sessions interrupted by 24 hours probably should be reset), and
  * Associating information on the server with the session identifier (there may be far too much information to actually store it in the cookie, plus sensitive data like credit card numbers should never go in cookies).
  2. URL Rewriting. You can append some extra data on the end of each URL that identifies the session, and the server can associate that session identifier with data it has stored about that session. This is also an excellent solution, and even has the advantage that it works with browsers that don't support cookies or where the user has disabled cookies. However, it has most of the same problems as cookies, namely that the server-side program has a lot of straightforward but tedious processing to do. In addition, you have to be very careful that every URL returned to the user (even via indirect means like Location fields in server redirects) has the extra information appended. And, if the user leaves the session and comes back via a bookmark or link, the session information can be lost.
  3. Hidden form fields. HTML forms have an entry that looks like the following: <INPUT TYPE="HIDDEN" NAME="session" VALUE="...">. This means that, when the form is submitted, the specified name and value are included in the GET or POST data. This can be used to store information about the session. However, it has the major disadvantage that it only works if every page is dynamically generated, since the whole point is that each session has a unique identifier.
  Servlets provide an outstanding technical solution: the HttpSession API. This is a high-level interface built on top of cookies or URL-rewriting. In fact, on many servers, they use cookies if the browser supports them, but automatically revert to URL-rewriting when cookies are unsupported or explicitly disabled. But the servlet author doesn't need to bother with many of the details, doesn't have to explicitly manipulate cookies or information appended to the URL, and is automatically given a convenient place to store data that is associated with each session.

• Oracle select for update: not releasing lock

  My JDBC code uses "select for update" to modify record in Oracle database. I tried to simulate network connection down situation.
  After my JDBC code locked on a record using "select for update", I unplugged the network cable. I then tried to run the same code on another computer, but it could not accquire the lock, because the previous lock was not released. I tried sqlplus to lock the record, but failed also. The lock has been there for at least an hour now. I guess it may finally be released, but is there a way for oracle to release the lock as soon as the connection is down? Not know if it is a JDBC setting or oracle setting.

  Dear Friend,
  What you are trying to do is not correct way of checking the concurrency and transaction.
  The reason is as listed below.
  01.Always remember http is a stateless protocol and removing the connection or just closing the browser will never be informed to the database or to the application server thus the transaction monitor (TM)or processor will never release the lock as it will deem that the actor is manipulating the data.
  02.As per locking goes every database is having a �TM� and the default isolation level setting is different like oracle uses serializable DB2udb 7.0 or db2/As400 uses repeatable read. You can change this setting by editing the default setting in the database but be very sure before touching it.
  03.     You can also transpose this with your Application server setting for that piece of code or Globally but again be very sure about it as it will change the entire gamete.
  04.     For releasing lock you have to manually do it or you can change the settings of App server or the Database to release the connection after some wait time.
  Regards,
  Ruchir

• Database select for update locks ADF

  Hi,
  When a user has initiated an update session in an adf application and locking is optimistic it will acquire a lock on table row using select for update no wait; . But when the user closes a tab the session would not be terminated. Now i know as HTTP is a stateless protocol, we can wait for the timeout and then the lock will be released using a session listener implementation. But if the user instead tries to log in again in a new tab and tries to edit the same record he will receive a message stating that another user already holds a lock on the record which is correct, but is misleading.
  So can we rely on javascript for these scenarios that as soon as the user closes the tab the session should be terminated.
  Here's a snippet
  <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/dojo/1.4/dojo/dojo.xd.js" ></script>
  <script type="text/javascript">
  var unLoad = function() {
      dojo.io.script.get({
      url:'http://127.0.0.1:7101/myapp/adfAuthentication?logout=true',
      timeout:15000,
    dojo.addOnWindowUnload(unLoad);
  </script>I know this might not work always as it depends on the fact that request might / might not be processed by the server.
  Are there any alternate solutions and also reducing the session timeout is ruled out in my scenario.

  Ramandeep,
  So are there other alternatives or solutionsAlternatives or solutions to what, exactly? As Jobinesh has told you, as long as you use optimistic locking, ADF doesn't acquire database locks except in the context of a transaction that is going to be completed in the current HTTP request. You could obviously force ADF to deviate from this if you called "postChanges" during an HTTP request and leave the transaction hanging, but that would just be wrong in an optimistic locking scenario - the solution would be "don't do that."
  John