iPlanet 6.0 Session Validation

Hi,
We are using iPlanet 6.0 web server in a Windows 2000 environment. The session validation is done using a custom SAF, created as a .dll file. Now, the problem we are currently facing is:
1. http://www.test.com/sample/xxx/a.htm
2. http://www.test.com/example/yyy/b.htm
If I use the first URL, the web server calls the custom SAF dll file and checks whether the session is valid or expired. If the session is expired, it will redirect the users back to the login page.
Whereas, if I use the second URL, the session validation is not done. The web server just serves the client requested page.
Hence, I understand the session validation is done only for the pages that reside under the /sample/ directory located under wwwroot.
The question is, where is this path to check for session validation mentioned?
Any help is highly appreciated...
Thanks in advance,

WS6.0 docs are located in http://docs.sun.com/app/docs/coll/S1_ipwebsrvree60_en
Info about Session manager :
http://docs.sun.com/source/816-5689-10/sess.htm
Can you send your server.xml and other configuration files in <ws-install-root>/<instance>/config directory?
Can you migrate to 7.0 update 2 if possible?
You can download it for free from http://www.sun.com/software/products/web_srvr/home_web_srvr.xml

Similar Messages

  • Re: [iPlanet-JATO] Re: session timeout when not submitting to a handler

    Mark--
    I know what's happening here, but am curious about your approach. You said
    in an earlier email that you were generating links directly to JSPs, but
    from what you are describing, you are generating JATO-style links to access
    JATO pages. Nothing wrong with that, but there is a significant difference.
    Actually, it just occurred to me, I'm wondering what your URLs look like.
    The way the request dispatching works in JATO is it ignores anything after
    an initial "." in the final part of the URL path. For example, a request
    for "/myapp/module1/MyPage.jsp" doesn't actually try to hit the JSP, instead
    it tries to hit the JATO page "/myapp/module1/MyPage".
    The end result is that you may think you are accessing a JSP directly, but
    are instead accessing a JATO page. The reason the request dispatching works
    this way is because it is illegal to access JATO JSPs directly, and there is
    actually a (disabled) JATO feature that piggybacks on the use of the
    dot-delimited URL.
    So, now I need to understand your intent. I wasn't really sure why you were
    generating direct JSP/page links to begin with. This works against the Type
    II architecture JATO uses, in which all JATO requests go back to the
    controller servlet.
    If you are trying to design something like a menu page, you may have thought
    that it was burdensome to create a number of HREF children, plus implement
    event handlers for each of them. This definitely would be burdensome beyond
    just a handful of links, but this is why JATO provides other mechanisms for
    doing what I'll call here "polymorphic HREFs".
    Assuming this menu page scenario, the easiest thing to do is to simply use
    one HREF child on the page, and add a value to it each time it is rendered
    that distinguishes it from the other instances on the page. In your event
    handler for the HREF, you simply check this value and use it to decide which
    page to forward to. You can add a value to an HREF or Button by using the
    "addExtraValue()" method. Or, if you are using JATO 1.2, you can add extra
    query string NVPs right in the JSP document using the "queryParams"
    attribute of the <jato:href> tag. Thus, your one HREF child and event
    handler become "polymorphic" because what they do depends on the context in
    which they are invoked.
    Now, I still don't have confirmation that this is what you were trying to
    do, so until I do, let me explain the exception you're seeing. JATO assumes
    that when a request comes in for a page that includes the pageAttributes
    NVP, it is a request coming from a previously generated JATO page. Because
    of the way JATO works, this means that the request dispatching code should
    send the request back to the originally rendered page. For example, if Page
    A renders an HREF, which the user then activates, JATO sends the request
    back to Page A for handling. All of the HREFs and forms generated during
    rendering of Page A actually refer back to Page A, regardless of where those
    links or buttons actually pass the request in their event handlers/Command
    objects.
    So, what's happening when you include the pageAttributes in your HREFs is
    that JATO is assuming that a request is being sent to the target page, with
    the assumption that the target page has a mechanism in place to handle the
    request. This assumption relies on the specification of the "originator" of
    the request being specified in the request. For links/HREFs, the name and
    value of the HREF is sent along with the request. For forms, the name and
    value of the button that was pressed are sent in the request. JATO uses the
    presence of these name/value pairs to decide which event handler, or which
    Command object, to invoke to handle the request.
    The exception you are receiving is saying that there was no object on the
    target page that indicated it could handle the request. This is to be
    expected, since you have not specified a query parameter that indicates
    which CommandField child is responsible for the request. However, this is where
    I see the disconnect, because that is not what I believe you were trying to
    do (as explained above).
    So now, given all the information above, can you tell me what you're trying
    to accomplish, and whether or not the info I've given you has helped you to
    design a mechanism more in line with a JATO approach? If not, given that I
    understand what you're trying to do, I can offer a more concrete solution.
    Todd
    ----- Original Message -----
    From: <Mark_Dubinsky@p...>
    Sent: Monday, November 05, 2001 2:54 PM
    Subject: [iPlanet-JATO] Re: session timeout when not submitting to a handler
    This is the exception we get:
    (And BTW, leaving a blank value for the pageAttributes doesn't help)
    [05/Nov/2001 17:49:18:4] error: <portalServlet.processRequest>
    javax.servlet.ServletException: The request was not be handled by the specified handler
    at java.lang.Throwable.fillInStackTrace(Native Method)
    at java.lang.Throwable.fillInStackTrace(Compiled Code)
    at java.lang.Throwable.<init>(Compiled Code)
    at java.lang.Exception.<init>(Compiled Code)
    at javax.servlet.ServletException.<init>(ServletException.java:107)
    at com.putnaminvestments.common.jato.ApplicationServletBase.dispatchRequest(Compiled Code)
    at com.putnaminvestments.common.jato.ApplicationServletBase.processRequest(Compiled Code)
    at com.putnaminvestments.bp.portal.portalServlet.processRequest(Compiled Code)
    at com.putnaminvestments.common.jato.ApplicationServletBase.doPost(Compiled Code)
    at com.putnaminvestments.common.jato.ApplicationServletBase.doGet(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at com.putnaminvestments.bp.bpServletBase.service(Compiled Code)
    at javax.servlet.http.HttpServlet.service(Compiled Code)
    at com.netscape.server.servlet.servletrunner.ServletInfo.service(Compiled Code)
    at com.netscape.server.servlet.servletrunner.ServletRunner.execute(Compiled Code)
    at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
    at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at com.kivasoft.thread.ThreadBasic.run(Native Method)
    at com.kivasoft.thread.ThreadBasic.run(Compiled Code)
    at java.lang.Thread.run(Compiled Code)
    --- In iPlanet-JATO@y..., "Todd Fast" <Todd.Fast@S...> wrote:
    Mark--
    Initially we tried to add the pageAttributes NVP as well, but that was
    causing an exception, so we stopped doing that.
    That's odd--what was the exception?
    Our problem now is that when the SessionTimes out it does not go to
    onSessionTimeout method as in processRequestMethod of the
    ApplicationServletBase it looks for pageAttributes. If it is not null
    then only onSessionTimeOut method is called.
    This is sadly the only technique for determining if a session has timed out
    and a new one been created, versus the initial creation of the session.
    Is there any work around for this? Maybe you can suggest how to pass
    the pageAttributes without causing the initial exception?
    Definitely--let me know what the exception was and I'll be able to suggest
    something. However, it shouldn't really be any harder than appending a
    "jato.pageAttributes=" empty NVP on the HREF.
    Todd
    Todd Fast
    Senior Engineer
    Sun/Netscape Alliance
    todd.fast@s...
    For more information about JATO, please visit:
    http://developer.iplanet.com/tech/appserver/framework/index.jsp

    OK, here's what I'm trying to do: We have, like you said, a menu
    page. The pages that it goes to and the number of links are all
    variable and read from the database. In NetD we were able to create
    URLs in the form
    pgXYZ?SPIDERSESSION=abcd
    so this is what I'm trying to replicate here. So the URL that works
    is
    pgContactUs?GXHC_GX_jst=fc7b7e61662d6164&GXHC_gx_session_id_=cc9c6dfa5601afa7
    which I interpreted to be the equivalent of the old Netd way. Our
    javascript also loads other frames of the page in the same manner.
    And I believe the URL-rewritten frame sources of a frameset look like
    this too.
    This all worked except for the timeout problem. In theory we could
    rewrite all URLs to go to a handler, but that would be...
    inconvenient.

  • Issue in keeping the InfoView session valid using Custom JSP Open Document

    Hi
    We are using OpenDocument URL in custom JSP to show BO Web Intelligence Document.  The documents are opening fine but some of our WebI documents have links to other WebI document,  when the link is clicked it takes to Info View Login Page.
    If I login and logout once from InfoView then the WebI document links work fine.
    Can you please guide me on how to make the session valid for WebI internal links?  Do I need to create a Cookie or use URL Encoding?
    Following is the sample JSP code:
    <%@ page import="com.crystaldecisions.sdk.exception.SDKException" %>
    <%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise" %>
    <%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession" %>
    <%@ page import="com.crystaldecisions.sdk.framework.ISessionMgr" %>
    <%@ page import="com.crystaldecisions.sdk.occa.infostore.IInfoStore" %>
    <%@ page import="com.crystaldecisions.sdk.occa.security.ILogonTokenMgr"%>
    <%
    try {
        String systemName = "ServerName";
        String userName = "user";
        String password = "pass";
        String authType = "secEnterprise";
        IEnterpriseSession enterpriseSession = null;
        if (enterpriseSession == null) {
            // Log on to the CMS to obtain an Enterprise session
            ISessionMgr enterpriseSessionMgr = CrystalEnterprise.getSessionMgr();
            enterpriseSession = enterpriseSessionMgr.logon(userName, password, systemName, authType);
        }
        // Create a logon token (valid for 20 minutes, 10 logons) and pass it to OpenDocument
        ILogonTokenMgr logonTokenMgr = enterpriseSession.getLogonTokenMgr();
        String defaultToken = logonTokenMgr.createWCAToken("", 20, 10);
        response.sendRedirect("http://boServer:port/OpenDocument/opendoc/openDocument.jsp?iDocID=16894&token=" + defaultToken);
    } catch (Exception e) {
        e.printStackTrace();
    }
    %>

    Thanks Aasavari for responding. My problem is solved. 
    I need not create any cookie or create a token using getLogonToken.
    Some of the URLs in the WebI documents were incorrect and so InfoView was taking me to the InfoView login page.
    But I am surprised, though, that InfoView does not complain about the incorrect URLs and rather goes to the login page.
    Thanks for your help again.

  • Help with jsp session validation

    I've built up a page that only users with 'administrator' as the session id variable can access. If they don't, they will be directed to the login page.
    However, I'm getting a null pointer exception.
    my code is as follows:
    <%@ page import="java.io.*"%>
    <%
         if (session.getAttribute("id").equals(null) || !(session.getAttribute("id").equals("administrator")))
              response.sendRedirect("adminlogin.htm");
    %>
    Error Message:
    type Exception report
    message
    description The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    org.apache.jasper.JasperException
    root cause
    java.lang.NullPointerException
    any pros please help? i know it's something to do with my jsp session validation. thanks in advance.

    One more thing, with regards to the solution evnafets provided. I tried it out on all my pages that require administrator rights and found that the code only redirects when it's not expecting any parameters. Else, it just displays an error message there. Is there a way around this? Or should I let my end user suffer?
    type Exception report
    message
    description The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    org.apache.jasper.JasperException
         at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:248)
         at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
         at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
         at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
         at java.lang.Thread.run(Thread.java:534)
    root cause
    java.lang.NullPointerException
         at org.apache.jsp.view_jsp._jspService(view_jsp.java:177)
         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:136)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:204)
         at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289)
         at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
         at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
         at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
         at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
         at java.lang.Thread.run(Thread.java:534)
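
A null-safe form of the check discussed in this thread, written as a servlet filter so that every protected page gets the same test; this is an added example, not code from the posters. The class name `AdminSessionFilter` and the `/admin/*` mapping are assumptions, while the `id` attribute and `adminlogin.htm` come from the post.

```java
// Added example, not from the thread. Assumes a Servlet 2.3+ container
// (the stack trace above is from Tomcat 4, which supports filters).
// Hypothetical web.xml registration:
//   <filter>
//     <filter-name>adminSession</filter-name>
//     <filter-class>AdminSessionFilter</filter-class>
//   </filter>
//   <filter-mapping>
//     <filter-name>adminSession</filter-name>
//     <url-pattern>/admin/*</url-pattern>
//   </filter-mapping>
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class AdminSessionFilter implements Filter {

    // Login page name taken from the post; resolved against the context path.
    private static final String LOGIN_PAGE = "/adminlogin.htm";

    public void init(FilterConfig config) throws ServletException { }

    public void destroy() { }

    /**
     * Null-safe role test. Putting the literal on the left means equals()
     * is never invoked on a missing attribute, so an absent "id" yields
     * false instead of a NullPointerException.
     */
    static boolean isAdministrator(HttpSession session) {
        if (session == null) {
            return false;                 // never logged in, or session timed out
        }
        try {
            return "administrator".equals(session.getAttribute("id"));
        } catch (IllegalStateException invalidated) {
            return false;                 // session was invalidated in the meantime
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false) avoids creating a fresh session for anonymous visitors.
        HttpSession session = request.getSession(false);

        if (!isAdministrator(session)) {
            String target = request.getContextPath() + LOGIN_PAGE;
            response.sendRedirect(response.encodeRedirectURL(target));
            // sendRedirect() only sets the response; it does not stop execution.
            // Returning here keeps the protected page from running at all.
            return;
        }

        chain.doFilter(req, res);         // authorised: continue to the requested page
    }
}
```

The same two points apply to an inline scriptlet: compare with the literal first, and `return;` straight after `sendRedirect()` so the rest of the page does not execute for an unauthorised request.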

  • Custom session validator

    Hi All!
    Is it possible to create custom session validation mechanism in coherence, which checks session availability in third party system (Siebel in our case) and provides data caching assigned to this session from external Web Services?
    Thank you very much :)

    Coherence supports HTTP Session Caching via Coherence*Web.
    In terms of doing something similar for some other session context such as Siebel it may or may not be doable depending upon the nature of
    the session object you are caching. You probably would need to use standard Coherence API mechanisms and application logic to manage the session state
    and relate it to other entities.

  • JDBC persistence of session data not working on iPlanet Web Server, Enterprise Edition 6.0 SP2

    I am using windows 2000.
    iPlanet Web Server, Enterprise Edition 6.0 SP2
    I tried to do jdbc persistence for sessiondata.
    Somehow it didn't work.
    I edited the JdbcStore code and added some system.outs in it.
    From the logs I could note that
    It is going into
    JdbcStore.init(Properties config)//when the server starts up
    JdbcStore.reap(long currentTime) //when the server is brought down
    But it is not going into
    JdbcStore.save(IWSHttpSession session)
    JdbcStore.remove(IWSHttpSession session)
    JdbcStore.load(IWSHttpSession session)
    I did a "select count(*) from sessions" and it got me
    no of rows=0.
    The logs contained
    [06/Mar/2002:11:25:09] info ( 552): IWSSessionManager: Maximum number of sessions is 1000
    [06/Mar/2002:11:25:10] info ( 552): IWSSessionManager: Maximum number of sessions is 1000
    [06/Mar/2002:11:25:14] info ( 552): JdbcStore: initialized with url=jdbc:odbc:LocalServer, driver=sun.jdbc.odbc.JdbcOdbcDriver
    So I should think it was working.
    The pages that are using HttpSession are working ok but should I not get some rows in my table "sessions" when I query?
    This is the webapps.xml I used.
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!-- iWS 6.0 specific web application configuration. -->
    <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN" "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
    <vs>
    <!-- Define global configuration -->
    <!-- Configure a session manager and tracking configuration -->
    <session-manager
    class='com.iplanet.server.http.session.IWSSessionManager' >
    <init-param>
    <param-name>maxSessions</param-name>
    <param-value>1000</param-value>
    </init-param>
    <init-param>
    <param-name>timeOut</param-name>
    <param-value>1800</param-value>
    </init-param>
    <init-param>
    <param-name>session-failover-enabled</param-name>
    <param-value>true</param-value>
    </init-param>
    <init-param>
    <param-name>reapInterval</param-name>
    <param-value>600</param-value>
    </init-param>
    <init-param>
    <param-name>session-data-store</param-name>
    <param-value>com.iplanet.server.http.session.JdbcStore</param-value>
    </init-param>
    <init-param>
    <param-name>url</param-name>
    <param-value>jdbc:odbc:LocalServer</param-value>
    </init-param>
    <init-param>
    <param-name>provider</param-name>
    <param-value>sun.jdbc.odbc.JdbcOdbcDriver</param-value>
    </init-param>
    <init-param>
    <param-name>username</param-name>
    <param-value>sa</param-value>
    </init-param>
    <init-param>
    <param-name>password</param-name>
    <param-value>sa</param-value>
    </init-param>
    <init-param>
    <param-name>lookupPool</param-name>
    <param-value>4</param-value>
    </init-param>
    <init-param>
    <param-name>insertPool</param-name>
    <param-value>4</param-value>
    </init-param>
    <init-param>
    <param-name>updatePool</param-name>
    <param-value>4</param-value>
    </init-param>
    <init-param>
    <param-name>deletePool</param-name>
    <param-value>4</param-value>
    </init-param>
    <!--
    <init-param>
    <param-name>session-failover-enabled</param-name>
    <param-value>false</param-value>
    </init-param>
    -->
    </session-manager>
    <session-tracking use-cookies="true" />
    <!-- Define the web applications for this virtual server-->
    <!-- catalog application -->
    <web-app uri="/Web" dir="E:/iPlanet/Servers/docs" enable="true" >
    <!-- Specify a tempory directory. A path returned in the "javax.servlet.context.tempdir" property; defaults to WEB-INF/tmp. -->
    <!--
    <tempdir dir='/var/catalog/tmp'/>
    -->
    <!-- reload classes at every 5 minutes; also include mycatlog.jar file in the classpath -->
    <!--
    <class-loader reload-interval='300' classpath='/home/work/mycatalog.jar' />
    -->
    </web-app>
    </vs>

    I'm trying to do the same thing with a file store, also somewhat unsuccessfully. However, one thing I can point out is that the manual says that the <session-manager> element should be within the <web-app> element in web-apps.xml. In your example, it is outside of it.

  • Session time out in BIP

    All,
    I have set the BIP security as Oracle BI SERVER and able to successfully log in from dashboards, answers to BIP. but after some time BIP is getting timed out.
    where can I set the session time out parameter? and
    how to make the BIP session valid as long as OBI presentation services session is valid?
    Thanks in advance.

    Post Author: amr_foci
    CA Forum: Authentication
    go to the universe which this report is based on, get the parameters window from (File->Parameters)
    check the CONTROL tab
    see those parameters and configure them as you want
    good luck
    Amr

  • Session in java swing??

    Hi friends,
    I need to create session in java swing...
    I have a client running in swing and can access resources in multi-threaded server. I need to validate user using session. But i don't know how to use session.
    User has to login with username & password (authentication verified at server using socket communication).
    If successful the login frame vanishes and other options are displayed. user has a feature that he can send files to other
    user. so i need to use session for security purpose.
    Anyone help me with code
    Edited by: sathya_vn on Apr 20, 2008 5:41 PM

    Anyone help me with the code-----> u got that wrong..
    I need to know how to use session with java swing. I requested if anyone has such code....
    This is a part of my project .
    Am using MySQL Database to store username and password.
    Client side interface has a frame (first frame--frame1) requesting client to provide login information. The login details <username and password> are sent to server. Server validates whether the login info is correct or not and returns true or false.
    If false the frame1 will show a JOptionPane ... message stating that wrong username or password specified.
    If true i need to create a session and other operations are done after session validation. I am using ssl socket.
    If u want the code then i have post around 300 or more lines..

  • Session-failover-enabled not working in iWS6 with a FileStore

    I'm trying to use a FileStore to implement session persistence using IWSSessionManager. I have the following in my web-apps.xml:
    <web-app uri="/Banking" dir="c:/java/online">
    <session-manager class='com.iplanet.server.http.session.IWSSessionManager'>
    <init-param>
    <param-name>session-data-store</param-name>
    <param-value>com.iplanet.server.http.session.FileStore</param-value>
    </init-param>
    <init-param>
    <param-name>session-data-dir</param-name>
    <param-value>c:/iplanet/servers/SessionData</param-value>
    </init-param>
    <init-param>
    <param-name>session-failover-enabled</param-name>
    <param-value>false</param-value>
    </init-param>
    </session-manager>
    </web-app>
    I'm seeing the following exception in my log:
    [12/Jun/2002:10:10:56] info ( 320): java.io.NotSerializableException: com.iplanet.server.http.servlet.WebApplication
    at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1148)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
    at java.io.ObjectOutputStream.outputClassFields(ObjectOutputStream.java:1827)
    at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:480)
    at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1214)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
    at java.io.ObjectOutputStream.outputClassFields(ObjectOutputStream.java:1827)
    at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:480)
    at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1214)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
    at java.util.Hashtable.writeObject(Hashtable.java:764)
    at java.lang.reflect.Method.invoke(Native Method)
    at java.io.ObjectOutputStream.invokeObjectWriter(ObjectOutputStream.java:1864)
    at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1210)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
    at com.iplanet.server.http.session.IWSHttpSession.writeObject(IWSHttpSession.java:764)
    at java.lang.reflect.Method.invoke(Native Method)
    at java.io.ObjectOutputStream.invokeObjectWriter(ObjectOutputStream.java:1864)
    at java.io.ObjectOutputStream.outputObject(ObjectOutputStream.java:1210)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:366)
    at com.iplanet.server.http.session.FileStore.save(FileStore.java:167)
    at com.iplanet.server.http.session.IWSSessionManager.update(IWSSessionManager.java:499)
    at com.iplanet.server.http.servlet.NSHttpServletRequest.closeInputStream (NSHttpServletRequest.java:612)
    at com.iplanet.server.http.servlet.NSServletRunner.servicePostProcess(NSServletRunner.java:857)
    at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.java:942)
    at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
    at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)
    Any ideas what's wrong?
    I should note that I don't think it is because I am storing non-serializable things in the session attributes. I think this because originally I was getting an exception that said that a specific attribute wasn't serializable. I changed the class definition of the class I was storing in that attribute to include "implements java.io.Serializable" and that problem went away.

    Hi Sija,
    Can i have detailed scenario in your cluster configuration.
    Means you are saying that going to start cluster package manually, if it is right please make sure that you had the same copy of start, instance profiles of NodeA to Node B. Means you need to maintain two startup, two instance profiles for both nodes. In a normal situation it will pick the profile of node A to start database from A node. But in a failover situation it will not pick node A profile to start, it should pick Node B's profiles.
    Just make a copy from node A and change the profile name accordingly to Node b. Then try to restart.
    Regards
    Nick Loy

  • Bug in session manager. If you work for Sun, please take a look.

    While evaluating what it would take to transition from Iplanet 6 to Sun Webserver 6.1, I found a problem with the Sun Webserver's s1ws60 session managers. If the page is not explicitly flushed before ending, the session cookie JSESSIONID is never sent. So as long as the user continues to visit small pages, they keep getting new sessions (because they are never sent a session id, so the session manager creates a new one every time they visit). The session cookie is sent if larger pages are visited (the buffer is automatically flushed). The session cookie is also sent if out.flushBuffer() is explicitly called within the JSP. This problem was not present in IWS6.0.
    The problem has been tracked down to a combination of the code in com.iplanet.server.http.session.IWSSessionManager (found in the "plugins" directory) and the JSP's Java code generated by a component of the webserver (Catalina?). Under Iplanet, the code generated in the finally{} section of the JSP first flushed the buffer, then called releasePageContext. Under Sun Webserver, the code generated just calls releasePageContext without explicitly flushing the buffer before the call. When flushing the buffer for a non-committed response, the headers are first generated and sent, along with any cookies, including the session cookie. The server only sends the session cookie if, among other things, the session satisfies "_session.isNew()". The order of events in releasePageContext ensures that this is never true when used in combination with IWSSessionManager. I don't have the source code to verify this, but from experimentation I think this is the reason: Before the buffer is flushed, the session is saved by IWSSessionManager.update(session), which at line 498 calls "sn.unsetNew()". So the session is never isNew() when it gets around to sending the session cookie. This can be resolved by either adding an explicit buffer flush to the finally{} section of the JSP, or removing the unsetNew() call from IWSSessionManager. Since I don't know where the code that generates the JSP is (or if I can even change it), I ended up removing the sn.unsetNew() call from the update() function.
    Here's the code generated in the finally{} section using IWS6 and Sun Webserver:
    Iplanet 6
            } finally {
                // Flush first: committing the response sends the headers, including the session cookie.
                if (out != null && (out instanceof org.apache.jasper.runtime.JspWriterImpl)) {
                    ((org.apache.jasper.runtime.JspWriterImpl) out).flushBuffer();
                }
                if (_jspxFactory != null) _jspxFactory.releasePageContext(pageContext);
            }
    Sun Webserver
            } finally {
                // No explicit flush before releasePageContext.
                _jspx_releaseTags(_jspx_curTag, null);
                if (_jspxFactory != null) _jspxFactory.releasePageContext(pageContext);
            }

    I posted a bug report on this.

  • New session creation

    I have a servlet filter that checks the session for every incoming request.
    The session validation is done for every request except the login request. If a request with a new session, which is not a login request is sent, then unauthorised user is sent in the response.
    If the http request for login is sent in the form of : http://ipaddress:portnumber/myApp/login.do, and after successful login, if the subsequent requests are sent in the form of
    http://mymachinename.domain.com/myApp/processotherrequests.do (since Apache server is configured on my machine), then these requests are treated as new sessions and hence unauthorised user response is sent back.
    What could be the problem?

    The session is maintained as a cookie on the browser with the name JSESSIONID. The browser only sends cookies back to the domain that set the cookie. The browser does not know that the IP address and the domain name are the same, so it does not send the cookie.
    As an example, the IP address 127.0.0.1 is equivalent to the domain name 'localhost', but the browser does not know this, so a cookie created for 127.0.0.1 will not be sent in a call to 'localhost'.
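
The cookie scoping described in the answer above, as an added example that is not part of the original thread: a small model of how a browser decides which stored cookies go back to which host. The function names, the address 192.0.2.10 and port 8080 are constructed for illustration.

```javascript
// Added example: model of browser cookie scoping (RFC 6265); Path, Secure and expiry are ignored.

function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// RFC 6265 section 5.1.3: does the request host domain-match `domain`?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  // Suffix matching applies to host names only, never to IP addresses.
  return !isIpLiteral(host) && host.endsWith('.' + domain);
}

// Store a cookie as a browser would on receiving Set-Cookie from `originHost`.
function storeCookie(jar, originHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return false;
  // Without a Domain attribute the cookie is host-only: only the exact origin host gets it back.
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: originHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.trim().toLowerCase() !== 'domain' || val.trim() === '') continue;
    const d = val.trim().replace(/^\./, '').toLowerCase();
    if (!domainMatch(originHost, d)) return false; // foreign Domain is rejected
    cookie.domain = d;
    cookie.hostOnly = false;
  }
  jar.push(cookie);
  return true;
}

// Cookie header value the browser would attach to a request for `url`.
function cookieHeaderFor(jar, url) {
  const host = new URL(url).hostname.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Constructed scenario from the thread: login by IP address, later requests by name.
function demo() {
  const jar = [];
  storeCookie(jar, '192.0.2.10', 'JSESSIONID=abc123; Path=/myApp');
  return {
    byIp: cookieHeaderFor(jar, 'http://192.0.2.10:8080/myApp/processotherrequests.do'),
    byName: cookieHeaderFor(jar, 'http://mymachinename.domain.com/myApp/processotherrequests.do'),
  };
}
```

With an empty Cookie header on the by-name request, the server sees no JSESSIONID and creates a new session, which is what the filter in the question reports as an unauthorised user.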

  • JDBC Sessions in SunOne WebServer and

    Has anyone in here worked with JDBC sessions in SunOne Webserver 6.1 ( with ASE 12.5.x / JDBC JConnect 5.x of course )?
    In SunOne 6.1 webserver, you can specifically tell it to use JDBC for session persistence:
         http://docs.sun.com/source/817-1833-10/pwasessn.html
    ... by using "com.iplanet.server.http.session.JdbcStore" as the "session-data-store" property. It also goes on to allow you to specify the actual column names that are used, etc...
    According to the URL above, the columns are:
    create table sessions (
        SessionID  VARCHAR(100),    -- session identifier
        AccessTime NUMERIC(9),      -- last access time
        TimeOut    NUMERIC(9),      -- session timeout
        Value      VARBINARY(4096)  -- serialized session data
    )
    2) What indexes are required here ??
    e.g. I presume you'll need to have a unique index on the SessionID column, and perhaps an index on AccessTime ( for the reaper to delete expired sessions )
    3) Any working example sun-web.xml using JdbcStore ??
    Thanks,
    John

    > 2) What indexes are required here ??
    > e.g. I presume you'll need to have a unique index on
    > the SessionID column, and perhaps an index on
    > AccessTime ( for the reaper to delete expired
    > sessions )
    You are correct on both accounts. Those are the only needed indexes, as none of the other columns are used as selection criteria.
    > 3) Any working example sun-web.xml using JdbcStore
    > ??
    Unfortunately, our collection of samples does not include one, but I do know of customers using this Store.

  • How to secure session cookie

    I am using iPlanet 6.0SP6 on NT 4.0.
    I would like to make the session cookie JSESSIONID be transferred only on a secure connection.
    So I made the change to web-apps.xml as below:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
         "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
    <vs>
    <session-cookie is-secure="true"></session-cookie>
    </vs>
    After that, I restarted the iPlanet web server and loaded the page with I.E. again. I see that the cookie is still passed in non-secure mode.
    Is there anything wrong with my web-apps.xml?

    Janice,
    Thanks for your help.
    When I use the below web-apps.xml, I can make the cookie in secure session.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
         "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
    <vs>
    <web-app uri="/" dir="d:/java/docroot" enable="true">
    <session-manager class="com.iplanet.server.http.session.IWSSessionManager">
    <init-param>
    <param-name>maxSessions</param-name>
    <param-value>16000</param-value>
    </init-param>
    <init-param>
    <param-name>timeOut</param-name>
    <param-value>7200</param-value>
    </init-param>
    <init-param>
    <param-name>reapInterval</param-name>
    <param-value>30</param-value>
    </init-param>
    <init-param>
    <param-name>maxValueSize</param-name>
    <param-value>8192</param-value>
    </init-param>
    </session-manager>
    <session-cookie is-secure="true"/>
    </web-app>
    </vs>
    However, when I configure more on the web application with the web.xml, I find that the cookie is no longer secure.
    The web.xml is
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
    <web-app>
    <display-name>Trade Info Exchange</display-name>
    <description>
    Trade Info Exchange
    </description>
    <!-- Define servlets that are included in the example application -->
    <servlet>
    <servlet-name>Login</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LoginServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Login</servlet-name>
    <url-pattern>/Login</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Fmenu</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.FmenuServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Fmenu</servlet-name>
    <url-pattern>/Fmenu</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Fcontent</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.FcontentServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Fcontent</servlet-name>
    <url-pattern>/Fcontent</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Express</servlet-name>
    <servlet-class>com.chase.apps.express.servlet.EXPRESS2</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Express</servlet-name>
    <url-pattern>/EXPRESS2</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>AppControl</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.AppControlServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>AppControl</servlet-name>
    <url-pattern>/AppControl</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>errorPage</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.errorPage</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>errorPage</servlet-name>
    <url-pattern>/errorPage</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>LoginFail</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LoginFailServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>LoginFail</servlet-name>
    <url-pattern>/LoginFail</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>Logout</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.LogoutServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Logout</servlet-name>
    <url-pattern>/Logout</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ChangePwdWarning</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdWarningServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ChangePwdWarning</servlet-name>
    <url-pattern>/ChangePwdWarning</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ChangePwd</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ChangePwd</servlet-name>
    <url-pattern>/ChangePwd</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>ReLoginDialog</servlet-name>
    <servlet-class>com.chase.infra.appcontrol.servlet.ReLoginDialog</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>ReLoginDialog</servlet-name>
    <url-pattern>/ReLoginDialog</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackProcessSearch</servlet-name>
    <servlet-class>chase.app.tt.servlet.ProcessSearchServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackProcessSearch</servlet-name>
    <url-pattern>/TradeTrackProcessSearch</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackSearchScreen</servlet-name>
    <servlet-class>chase.app.tt.servlet.SearchScreenServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackSearchScreen</servlet-name>
    <url-pattern>/TradeTrackSearchScreen</url-pattern>
    </servlet-mapping>
    <servlet>
    <servlet-name>TradeTrackMain</servlet-name>
    <servlet-class>chase.app.tt.servlet.MainServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/LCIMPORT</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/LCEXPORT</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/COLLIMP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/COLLEXP</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/B2BMenu</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>TradeTrackMain</servlet-name>
    <url-pattern>/B2BMain</url-pattern>
    </servlet-mapping>
    <welcome-file-list>
    <welcome-file>ctielogin.html</welcome-file>
    </welcome-file-list>
    </web-app>
    Please advise how I can make the cookie secure when using the web.xml and web-apps.xml.
    thanks
    samuel poon
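
One way to check which responses actually issue JSESSIONID without the Secure attribute, as an added example that is not part of the original post: it parses captured Set-Cookie headers per path. The function names and SAMPLE_RESPONSES are constructed; the paths reuse url-patterns from the web.xml above.

```javascript
// Added example: flag session cookies issued without the Secure attribute.
// Function names and SAMPLE_RESPONSES are constructed for illustration.

// Parse one Set-Cookie value into { name, value, attrs } (attribute names lower-cased).
function parseSetCookie(header) {
  const parts = header.split(';').map((s) => s.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf('=');
  if (eq < 1) return null; // no cookie name
  const attrs = new Map();
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i < 0 ? '' : part.slice(i + 1).trim());
  }
  return { name: parts[0].slice(0, eq), value: parts[0].slice(eq + 1), attrs };
}

// Paths whose response set `cookieName` without a Secure attribute.
function findInsecureSessionCookies(responses, cookieName = 'JSESSIONID') {
  const findings = [];
  for (const { path, setCookie } of responses) {
    for (const header of setCookie) {
      const c = parseSetCookie(header);
      // Only the attribute *name* counts; "secure" inside a value (Path=/secure) does not.
      if (c && c.name === cookieName && !c.attrs.has('secure')) findings.push(path);
    }
  }
  return findings;
}

// Constructed captures: one entry per request path, with every Set-Cookie header it returned.
const SAMPLE_RESPONSES = [
  { path: '/', setCookie: ['JSESSIONID=aaa; Path=/; Secure'] },
  { path: '/Login', setCookie: ['JSESSIONID=bbb; Path=/secure'] },
  { path: '/Fmenu', setCookie: ['lang=en; Path=/', 'JSESSIONID=ccc; path=/; SECURE'] },
  { path: '/Logout', setCookie: ['JSESSIONID=ddd; Path=/'] },
];
```

Running the check per path rather than once per site shows whether only some servlets or contexts issue the cookie without Secure.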

  • Portal Session killing or Session time out

    Hi experts
    Where can we maintain the session validation in the portal server?
    Rgds,
    Priya

    Hi Priya,
    The termination of the Portal and all Web Dynpro applications as a whole is defined by the Security Session timeout.
    This is an absolute timeout value, e.g. the default is about 27h, that always terminates the whole security session after the defined period of time independently of any user interaction.
    The expiration of the HTTP sessions is handled automatically and does not need to be cared about.
    When the HTTP sessions are created they get the maximum of the application session timeout and the default HTTP session timeout. After the corresponding application session has been destroyed, the HTTP session gets a very small value to expire as soon as possible.
    Go through this SAP NOTE to make the suitable changes:-
    [Note 842635|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=842635&nlang=EN&smpsrv=https%3a%2f%2fwebsmp206%2esap-ag%2ede]
    Also refer to NOTE 842878 for Session Management Information.
    Hope this helps,
    Regards,
    Shailesh Nagar
    Edited by: Shailesh Kumar Nagar on Jan 31, 2008 10:07 AM

  • Session tracking in JSP pages

    I have two pages in my web application which need a regular refresh after a particular interval. I'm using
    (session.setMaxInactiveTime) to check the session validation and HTML's <META> tag to regularly refresh the page after a particular interval.
    On these two pages there are links to different pages, for which I'm opening a new window.
    But I'm losing the session after some time and I'm not able to catch the source from where the session is getting invalidated, even when I'm using the meta tag of HTML to refresh the page.
    I'm also using the HttpSessionEventListener interface to know when the session.putValue and session.removeValue
    functions are used.
    I hope the problem is clear to you people.
    Urgent help or a suggestion will be appreciated.
    Thanks in advance

    Hi,
    It isn't easy to see your problem. When are you losing your session? When you have opened a link from your page in a new browser window (instance) and returned?
    Also check the following: when no valid session exists, a JSP opens a new session, unless you use <%@ page session="false" %>
    Roland
