ICX Session Cookie

Does anyone know where you can get any information on the ICX Session Cookie used by E-Business Suite - say an FAQ ?
I have just used this cookie to integrate E-Biz with OBIEE. However I was wondering what the structure and technical content is of this cookie.
Also is this cookie used for anything else other than integrating to OBIEE ?
thanks,
Jim

Hi,
Does anyone know where you can get any information on the ICX Session Cookie used by E-Business Suite - say an FAQ ?I do not think such a FAQ exists -- Log a SR to confirm this with Oracle support.
I have just used this cookie to integrate E-Biz with OBIEE. However I was wondering what the structure and technical content is of this cookie.
Also is this cookie used for anything else other than integrating to OBIEE ?AFAIK, it is only used to integrate EBS with OBIEE -- See these docs.
Oracle SSO E-Business Suite Applications Integration with Oracle Business Intelligence [ID 553423.1]
Integrating Oracle Business Intelligence Applications with Oracle E-Business Suite [ID 552735.1]
Obiee: Session Variable Nq_session.Icx_session.Icx_session_cookie Has No Value [ID 564025.1]
Fusion Intelligence - Diagnosing "Not Logged In" Error When Connecting From E-Business Suite [ID 428364.1]
Thanks,
Hussein

Similar Messages

  • How to Set up HTTPOnly and SECURE FLAG for session cookies

    Hi All,
    To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
    I have found the below solutions.
    For setting up the HTTPOnly for the session cookies.
    1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
         this.sessioncookie.httponly = true;
    For setting up the secure flag for the session cookies.
    2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
         this.sessioncookie.secure = "true"
    Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
    <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
    <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
      <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
      <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
    </cfif>
    But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
    Your timely help is well appreciated.
    Thanks in advance.

    BKBK wrote:
    Abdul L Koyappayil wrote:
    BKBK wrote:
    You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
    I couldnt understand this. I mean how are you relating this with my question.
    When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
         If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
    Name:
    JSESSIONID
    Content:
    782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
    Domain:
    xyz.abc.pqr.com
    Path:
    Send for:
    Any kind of connection
    Accessible to script:
    No (HttpOnly)
    Created:
    Wednesday, September 3, 2014 2:25:10 AM
    Expires:
    When the browsing session ends
    BKBK wrote:
    2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
    Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
         I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
    BKBK wrote:
    3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
    It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
         I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

  • Weblogic.httpd.session.cookies.enable not working in WLS4.5 sp 11 ?

    I want to disable the use of cookies in WLS 4.5, and set the following
    weblogic.httpd.session.cookies.enable=false
    In WLS 4.5 sp7, this correctly prevents the server from using cookies
    for session-tracking, forcing the extraction of the session id from a
    rewritten URL.
    However, for WLS 4.5 sp11 cookies are still sent from the server
    Is this a known issue ?
    jo

    I want to disable the use of cookies in WLS 4.5, and set the following
    weblogic.httpd.session.cookies.enable=false
    In WLS 4.5 sp7, this correctly prevents the server from using cookies
    for session-tracking, forcing the extraction of the session id from a
    rewritten URL.
    However, for WLS 4.5 sp11 cookies are still sent from the server
    Is this a known issue ?
    jo

  • Can portal session cookies be used between two data centers

    OAS generates the following header information and session information for my application. However when I need to failover the originating OAS datacenter into my hot stand-by for maintenance or upgrades, the OAS in the other datacenter responds with a 503 web error. We are using Akamai's GTM to manage the liveness of the datacenter, so we would need the hot stand-by OAS portal in that datacenter to return a 302 error code. Is there some method that we can add to our portal application which would always return a 302 error code.
    See header information collected through wfetch. The 503 error is caused by the hot stand-by data center not accepting or recognizing the cookie. Both OAS datacenters are IDENTICAL in Oracle levels, application levels, web servers, portals and OS patches.
    resolve hostname "170.107.183.32"WWWConnect::Connect("170.107.183.32","80")\nsource port: 2182\r\n
    GET /portal/pls/portal/PORTAL.wwsec_app_priv.login?p_requested_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home&p_cancel_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home HTTP/1.1\r\n
    Accept: */*\r\n
    Accept-Language: en-us\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)\r\n
    Host: www.thomson-pharma.com\r\n
    Connection: Keep-Alive\r\n
    Cookie: ORA_WX_SESSION="10.225.8.30:80-1#2"; portal=9.0.3+en-us+us+AMERICA+3D66674E7EED0801E04400144F41424E+BBAA98EEB32D58C086231A8D6CBE2E5D402D89B0E79D83A18C668BB0CA7417B4044DEA389C8B50DD37D9272A24B4753B22F29978861DE14503F8B9BEDC2014654B26A434CF074F4D8749B88610ADADF5084A90ADBF749E2A; DATACENTER=EAGAN\r\n
    \r\n
    HTTP/1.1 503 Service Unavailable\r\n
    Cache-Control: private\r\n
    Content-Type: text/html\r\n
    Set-Cookie: ORA_WX_SESSION="10.237.138.33:80-1#2"\r\n
    Set-Cookie: portal=; expires=Wednesday, 27-Dec-95 05:29:10 GMT; path=/\r\n
    Connection: Keep-Alive\r\n
    Keep-Alive: timeout=5, max=999\r\n
    Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=208440262161,0)\r\n
    Content-Length: 710\r\n
    Date: Fri, 26 Oct 2007 14:58:07 GMT\r\n
    \r\n
    Thanks -John

    Hi John,
    This question is probably more appropriate in one of the Portal forums, but perhaps you can take a look at the information in section C.5 Configuring the Portal Session Cookie in Appendix C of the Portal Configuration guide.
    Here is a link: http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_c.htm#sthref1907
    Regards,
    Peter

  • Session Cookies Being Overwritten Browsing From SSL to Non SSL

    I have created a bug report for this issue as well.
    Please note I am using J2EE session variables so keep that in mind.
    I am seeing session cookies being overwritten when browsing from an SSL connection to a non SSL connection.
    For example:
    Visiting https://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Encrypted connections only".
    Visiting http://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Any type of connection".
    Here's the problem:
    Say for example, you're logging into an admin module located at https://www.domain.com/admin/. Once authenticated and some session variables are set, you browse to http://www.domain.com/. When that happens your session cookie (JSESSIONID) is overwritten with a new value and you instantly lose your authentication in the admin module.
    Obviously this is causing massive problems for my clients that bounce back and forth from SSL to non SSL connections which is common for e-commerce websites.
    Steps to Reproduce:
    1. Clear your cookies.
    2. Visit a web page such as https://www.domain.com/. Note the JSESSIONID cookie value.
    3. Visit a web page such as http://www.domain.com/. Note the JSESSIONID cookie value and how it was overwritten.
    This behavior changed in ColdFusion 10. ColdFusion 9 did not overwrite the session cookie.
    Has anyone else experience this?

    Deleting and re-adding my account seems to have fixed it.  I think when I initially added my Google Talk account, it was by using the "Add Jabber Account" under 10.6 or something.  Now, when I re-added my account, I notice both "Google Talk" and "Jabber" are options, so my thought here is that Jabber and Google Talk options are no longer quite the same thing.

  • How to create a session cookie on demand

    Hi,
    I search the web but couldn't find anything related to creating session cookies on demand. I want to create a session cookie storing encrypted user tokens when there is none, for example, when the first page is called.
    The encryption part is OK, but I want how can I intercept every call to a set of pages and create the session cookie if it doesn't exist.
    I'm using ADF, of course, and Weblogic.
    Anyone can provide some examples or source code?
    Thanks.

    Cookies are accessible via the http request and response, there you can add new cookies and or change existing ones.
            ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
            HttpServletResponse response = (HttpServletResponse) ectx.getResponse();
            // get existing cookies
            Cookies [] cookies =((HttpServletRequest)ectx.getRequest()).getCookies();
            // create and set a new one
            Cookie cookie = new Cookie( "key", "value" );
            response.addCookie( cookie );This code should work in a bean. After setting the cookie you need to implement a servlet filter or a page phase listener where you check the requested url and then check for your cookie.
    Timo

  • CFID and CFTOKEN Being Deleted from Session Cookie

    I can't believe that no one else has run into this - but I
    have found nothing on the internet.
    When I copy a piece from a web page that is generated by my
    coldfusion server, and paste it into a word document, the session
    cookie is altered, and the CFID and CFTOKEN information is deleted,
    so I lose my login. Recently, I've developed a problem on a
    different application - when I open a word document that is stored
    on the server, using CFCONTENT, same thing happens - the cookie is
    altered, CFID and CFTOKEN are deleted, and I lose my login.
    I'm tearing my hair out. Has anyone seen this behaviour, any
    ideas as to why this would occur? Any ideas as to how to get around
    it?

    Here's my CFAPPLICATION tag:
    <cfapplication name="DashBoard"
    clientmanagement="Yes"
    sessionmanagement="Yes"
    setclientcookies="Yes"
    clientstorage="cookie"
    loginstorage="session"
    sessiontimeout="#CreateTimeSpan(0, 0, 30, 0)#">
    Not sure what you mean by application sections. It's one
    application.
    I don't refer to the cookie in any other way. It's there only
    to do what CF does with it - maintain the information that's used
    to find the session.

  • APEX Security: Multiple session cookies in one browser

    Hi all,
    I use mozilla firefox as web browser. When I open a new tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the session id and the browser the session cookie WWV_CUSTOM-F....
    When I now open the next browser tab and enter the APEX application url I will be redirected to the login page. After successfully login I receive the new session id and the browser the session cookie WWV_CUSTOM-F... with new content. My session from the first browser tab will be killed, because the session cookie for this session was deleted/replaced by the session cookie from the second tab.
    Is it possible to have multiple APEX sessions opened in one browser in multiple tabs?
    Regards

    Hi PaulP,
    it's simple.
    Unzip bsApex2 http://www.betasoftware.it/codice/bsApex2.zip
    If not installed, install Microsoft .NET Framework 4 Client Profile.
    Configure bsApex.exe.config
    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <!-- Application Title -->
        <add key="aTitolo" value="Apex Desktop by Beta Software snc" />
        <!-- Short application title -->
        <add key="aTitoloBreve" value="Apex Desktop" />
        <!-- Window height -->   
        <add key="aAltezza" value="960" />
        <!-- Window width-->
        <add key="aLarghezza" value="1200" />
        <!-- Close botton text -->
        <add key="aChiudi" value="Close" />
        <!-- Print botton text -->
        <add key="aStampa" value="Print" />
        <!-- Application icon-->
        <add key="aIcona" value="bsApex.ico" />
        <!-- Client -->
        <add key="aCliente" value="Apex Community" />
        <!-- Application address -->
        <add key="aIndirizzo" value="http://apex.oracle.com/pls/otn/f?p=23873:1" />
      </appSettings>
    </configuration>Run bsApex.exe, that's all.
    Regards,
    Gianluigi

  • Air + Ipad + RemoteObject problem with session cookies

    I am making Air version for IPad of a Flex application.
    My flex application needs session from an secured enterprise proxy, without that session none remoteObject requests can pass the proxy and reach blazeDS.
    My solution for flex works fine: calling an enterprise  servlet at application´s startup to obtain a cookie session. I use a POST call to the servlet using URLRequest (sending the user and password parameters), the servlet responds with  a message with a session cookie, and from that point, without me having to code anything more, my flex application get that cookie with the session that automatically is loaded in my browser cookie stack, and that transparently is used from all my subsequents remoteObjects calls in the flex application.
    In my Adobe Air Ipad version, this just does not work, the session or is not storaged or is not attached with subsequent remoteObjects requests.
    - I´m forcing request.manageCookies = true
    - I´m working with the IOS simulator (Is there any difference for cookies with a real Ipad device?)
    - I´m using Flex 4.6.0, Air 3.5, IOS 6, Ipad 3, BlazeDS 4.0, Java 6 BackEnd.
    .. What´s the problem/difference with Air+Ipad from the flex version?

    Hi BalusC ,
    Thanks for your detailed response. I have a question about this comment you noted..
    "Terrible. Just keep the bean request scoped. "
    I changed the bean to request and now have this issue.
                <rich:dataGrid id="membersInZipcode" value="#{membersInZipcode.arrayListOfSearch4Member}"
                            var="membersInZipcode" columns="5" elements="20">                       
                <f:facet name="footer">
                    <rich:datascroller></rich:datascroller>
                </f:facet>
            </rich:dataGrid>
            </h:form>  I am using a request bean to hold the search parms that loads the bean. This works great.
    The problem is when I use the rich:datascroller for the next page.
    It goes back to the bean and the request scope bean is empty. This holds the search values.
    How do I put this back into the request after each process??
    Question 2..
    "Those settings only applies on the current request, i.e. the JSP file itself. Images are obtained by separate and independent requests. You need to set the headers on those requests as well. You can use a filter for this."
    I have never set a filter ...how do I do it? Do you have a link for an example of this filter setup?
    Thanks Again
    Phil

  • Setting secure flag on weblogic (5.1) session cookie.

    Hello All,
              I need to set secure flag on weblogic session cookie. I am not able to
              find any property in weblogic.properties file to set the secure flag for
              session cookie.
              Does anybody has any idea how to achieve this.?
              Thanks
              Nitin
              

    The best way to reduce GC is to change you application to use less memory. Serious.
    There are a number of JVM options for GC. I can't tell you what will work best
    for your application.
    25 seconds is way too long for a GC. Is the OS paging? You may wish to invest
    in additional memory.
    Mike Reiche
    vijendran <[email protected]> wrote:
    Hi,
    I am running a load test which will simulate 100 users. when i tried
    to simulate i found that GC is happening often even though i set the
    heap to 512 MB., and that too some time it takes upto 25 secs. for a
    GC to complete. Please advise on how to increase the performance for
    more number of users (without clustering weblogic) and to avoid GC happening
    often.
    Regards
    Vijendran

  • How to secure session cookie

    Iam using iPlanet 6.0SP6 in NT 4.0.
    I would like to make the session cookie JSESSIONID to be transfer only on secure connection.
    Then, I make the change to web-apps.xml as below
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
         "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
    <vs>
    <session-cookie is-secure="true"></session-cookie>
    </vs>
    After that, I restart the iplanet web server and load the page with I.E. again. I see that the cookie is still passed with non-secure mode.
    Is there any wrong with my web-apps.xml?

    Janice,
    Thanks for your help.
    When I use the below web-apps.xml, I can make the cookie in secure session.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
         "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
    <vs>
    <web-app uri="/" dir="d:/java/docroot" enable="true">
    <session-manager class="com.iplanet.server.http.session.IWSSessionManager">
    <init-param>
    <param-name>maxSessions</param-name>
    <param-value>16000</param-value>
    </init-param>
    <init-param>
    <param-name>timeOut</param-name>
    <param-value>7200</param-value>
    </init-param>
    <init-param>
    <param-name>reapInterval</param-name>
    <param-value>30</param-value>
    </init-param>
    <init-param>
    <param-name>maxValueSize</param-name>
    <param-value>8192</param-value>
    </init-param>
    </session-manager>
    <session-cookie is-secure="true"/>
    </web-app>
    </vs>
    However, when I configure more on the web applicaiton with the web.xml, I check that the cookie no more secure.
    THe web.xml is
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
    <display-name>Trade Info Exchange</display-name>
    <description>
    Trade Info Exchange
    </description>
    <!-- Define servlets that are included in the example application -->
    <servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>/Login</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Fmenu</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.FmenuServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Fmenu</servlet-name>
    <url-pattern>/Fmenu</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Fcontent</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.FcontentServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Fcontent</servlet-name>
    <url-pattern>/Fcontent</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Express</servlet-name>
    <servlet-class>com.chase.apps.express.servlet.EXPRESS2</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Express</servlet-name>
    <url-pattern>/EXPRESS2</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>AppControl</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.AppControlServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>AppControl</servlet-name>
    <url-pattern>/AppControl</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>errorPage</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.errorPage</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>errorPage</servlet-name>
    <url-pattern>/errorPage</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>LoginFail</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LoginFailServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>LoginFail</servlet-name>
    <url-pattern>/LoginFail</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Logout</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Logout</servlet-name>
    <url-pattern>/Logout</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ChangePwdWarning</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdWarningServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ChangePwdWarning</servlet-name>
    <url-pattern>/ChangePwdWarning</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ChangePwd</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ChangePwd</servlet-name>
    <url-pattern>/ChangePwd</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ReLoginDialog</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ReLoginDialog</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ReLoginDialog</servlet-name>
    <url-pattern>/ReLoginDialog</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackProcessSearch</servlet-name>
    <servlet-class>chase.app.tt.servlet.ProcessSearchServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackProcessSearch</servlet-name>
    <url-pattern>/TradeTrackProcessSearch</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackSearchScreen</servlet-name>
    <servlet-class>chase.app.tt.servlet.SearchScreenServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackSearchScreen</servlet-name>
    <url-pattern>/TradeTrackSearchScreen</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackMain</servlet-name>
    <servlet-class>chase.app.tt.servlet.MainServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/LCIMPORT</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/LCEXPORT</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/COLLIMP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/COLLEXP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/B2BMenu</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/B2BMain</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
    <welcome-file>ctielogin.html</welcome-file>
    </welcome-file-list>
    </web-app>
    Pls advise how I can make the cookie secure for using the web.xml and web-apps.xml
    thanks
    samuel poon

  • How to use session cookie property of System object?

    Hi all,
    I have searched all over the SDN but didnt get anything relevent so here i am posting my query...
    My scenario is as follows:
    I have created a KM document iview that launches an HTML page, on click of button of HTML page a VC iview is launched. On this iview i have a button that hits BI query.
    PS: A system object is created for the connectivity bet portal and backend BI server.
    PS: i have configured SSO between portal and backend.
    Now when i click on button on iview that fetches the data from backend, i am asked for authentication pop-up, although i have configured SSO why i am asked to enter UID and PWD again??
    In system object there is a property named
    <b>"session cookie = MYSAPSSO2"</b>
    So should i use this property so that cookie will get transfered from one session to other session when i click button on iview??
    If yes then HOW??
    Is there any other setting remained in Visual Admin?? or Backend or portal?
    What could be the missing??
    PS: User id are same on portal & backend.
    Any help will be highly appreciated...
    Regards,
    Ameya
    Thanks in advance
    Message was edited by:
            Ameya Pimpalgaonkar
    null
    Message was edited by:
            Ameya Pimpalgaonkar

    Hi Ameya,
    I do not know the exact answer.However you should look for something called JSESSION ID.
    Have a look at the thread:
    Re: Problems Using Application Integrator for BSP Application
    Reg SSO Logon Tickets and Browser sessions
    How to use jsessionid while making HTTP calls??
    Hope you find something which can help you.
    Regards
    Atul Shrivastava

  • Access Manager v7.1 - Sessions / Cookies

    Is their a way to allow the user to open more than once session. Example: I login to web site "A" and access manager authenticates me and allows me in. Now I want to start a new tab to login to web site "A" as a different user. Currently I am unable to do that, when I go to the URL access manager has already been authenticated and allows me in. If I click logout it logs out of both browsers.
    Currently the system act like the cookie are persistent. In v7.1.1 Sun added support for this but doesn't really talk about when to and not to use it. None of the realms are setup to use persistent cookies.
    Any help is appreciated.......

    The problem is not with the Access Manager. Your browser use the same session cookies for all tabs and windows. You must have two differents instances of the browser to have different session cookies. Try any other site and you will see the same thing.

  • I get an error message 'Cannot create session cookie'

    Hello,
    This is the exact error message I receive:
    "Time: 2011-04-05 14:47:47
    OUCU: zz767748
    URL: /science.level1ayrf.s104/
    TN: openmark @ ltsweb2
    Status: 403
    Title: Unable to create session cookie
    Message: In order to use this website you must enable cookies in your browser settings."
    Many thanks,
    Rachel

    No idea what causes it, but it does happen. Try this.....
    Go to Settings>General>Date and Time>Set Automatically>Off. Set the date one year ahead. Try to update the apps again. If you get an error message, go back to the settings. Correct the date and time (set automatically) then go back and try to update the apps again.
    Or this ....
    If that doesn't work - sign out of your account, restart the iPad and then sign in again.
    Settings>Store>Apple ID. Tap your ID and sign out. Restart the iPad by holding down on the sleep button until the red slider appears and then slide to shut off. To power up hold the sleep button until the Apple logo appears and let go of the button.
    Go back to Settings>Store>Sign in and then try to update again.

  • Apex session cookie in Safari

    Hi all,
    I'm hitting a restriction or security feature(?) of Safari in iOS. One of our Apex applications is a page that runs in an iframe on a site. Apex is installed on a server inside our own network and is accessable via dns: office.ourcorp.com (fake name, just to clearify the situation). We have a couple of different brands, that all have their own domains: brand1.com, brand2.com etc. All of these sites open the apex page inside an iframe.
    That all works beautifully in all browsers, except in Safari in iOS. in iOS, the apex page isn't showing. It seams it's because of the session cookie Apex sets. Safari can't set an cookie from another domain (a cross domain cookie). Is there a possibility to turn off the session cookie?(ORA_WWV_APP_xxx)?
    I also tried to set the 'cookie domain' option inside the authentication scheme to one of the domain names for our brands, but it still doesn't show up.
    Does someone has a sollution?

    I tried to do that. If you read my very first post in this thread, specifically "If I try to set a cookie in the page sentry function, it is breaking at the redirect line. Also, I don't think page sentry is the right place to set a cookie since it executes at every page.", I tried to set a cookie but it is throwing an error at the page.
    I think all these complication is because I dont have a login page and I am using a HTTP header variable to validate the user. Given that, where should I set the cookie?
    I also tried to do this:
    - create an appliaction item called 'testuser'
    - create an application computation to run 'before header' which sets the value of this to my HTTP header variable.
    - When I retrieve the app item 'testuser' from a page, it is getting the correct value. But when I use this in the authentication scheme, it is returning null. Any idea why??
    I know I am throwing a lot of questions. That is because I am trying a lot of approaches and each of them is posing a new set of challenges. I am actually looking for alternative ways to do what I am looking to do.
    Thanks.
    Shuba

Maybe you are looking for

  • Delivery Notes picking tolerance issue

    Dear Guru, we have the sales order , item 10, qty = 10 pcs, DN qty = 10 pcs but when W/H to do the picking , only found the 9 pcs,  so we requirement : can the picking qty automatic overwrite  to the delivery notes qty, and the sales order can automa

  • Using several checkboxes in a formula

    Hi, I have a sheet with three columns; Price, Name1, Name2. Name1 and Name2 have checkboxes on every row where there's a price added. I then have a two cells further away that are trying to calculate the price for each name. Eg. if the price is 100 a

  • Why am I getting an error message about photo stream?

    Every 10 minutes or so, I keep getting a message saying that my phot stream can't access my account on iCloud.  I've never used iCloud, but it says I'm signed in, so why does this message keep annoying me?

  • Two iPhones, two Apple IDs, one phone out of the area.

    Can music be purchased on iPhone A with Apple ID B to have it available on iPhone B without syncing to a computer?  iPhone B owner is out of the area and currently is not able to perform these tasks and does not have access to a computer at this time

  • Superdrive keeps ejecting disk on Mavericks sign on.

    I've just installed a fresh copy of Mavericks and have a strange problem. My Apple Mac Pro "Eight Core" 2.4 (2010/Westmere) boots up fine until it gets to the Mavericks sign on screen and if there is a disk inside the superdrive then ejects it. I hav