ISSUE WITH SESSION

Similar Messages

• Issue with session management with portal 701 AFP

  Hi portal experts,
  We are facing an issue with one of our portal 7 ehp1 running the AJAX framework pages.
  When logging off, the DSM popup is shown and it disappears. However, the backend sessions are kept alive when we look in transaction SM12, which indicates that the backend session has not been closed (proven in transaction SM04)
  The same issue arises when closing a popup window. In this case, no DSM popup is shown and the sessions are maintained as well.
  Popup blockers are disabled
  Portal url and backend url are in the trusted sites collection
  Does this have something to do with the AJAX framework?
  Does anyone have any pointers for us?
  Thanks in advance!
  Regards,
  Luk

  Hi Tom,
  I already came across this note earlier. Currently I'm unable (not allowed) to install the httpwatch utility.
  To add to the complexity, web dispatchers are used to access the portal and used between the portal and the backend systems. If I understood correctly, we need to have the ABAP Security Sessions Enabled setting turned on in this sort of landscape. Is this correct?
  If it is not required, couldn't we just turn off this setting?
  Thanks in advance!
  kr,
  Luk

• Issue with Session ID during POST

  Hi All,
  I am using Weblogic server version weblogic 9.2 and facing an issue with the session ID.
  I have a client side script with numerous GET calls and one POST call that it makes in a single session. Frequently I come across with issue that the session ID that I send in POST request is not the same as received and this affects my subsequent GET calls not to be in the same session. The call order is like this
  GETij/POSTij where i is the sent and j is the recieved session IDs.
  [GET11, GET11, GET11, POST12, GET11, GET11, <after few secs interval> GET22, GET22]
  I store the session id in a cookie. And I always create a session using the HttpServletRequest.getSession();
  Can some one advice on this.
  Thanks
  Shankar

  Hi,
  Again as a follow-up, I am using net scape ns plugin for load balancing (iPlanet/Weblogic). The issue happens when the primary server id and the secondary server id are same in the session id (set in the cookie) when the cookie is sent and received, where session id is of the default format <session id>!<primary server id>!<secondary server id>
  Any clue?

• Known Issues with Session Vars and non-IE browsers?

  Are there any known issues with non-Internet Explorer
  browsers storing or reading session variables. Or loops and
  ListGetAt functions? I'm using CF 5.
  The code works fine in IE, but not in FireFox or Netscape.
  Thanks,
  Josh

  This testing will not really address any cross domain issues, due to the content being hosted by ScormCloud.
  What I found interesting, is that in ScormCloud, using the links below, my results were opposite those that I obtained through my LMS.
  In LMS, Captivate 5 worked, Captivate 6 did not in IE8, both worked in FF
  In ScormCloud, Captivate 5 did not work in IE8, but worked in FF, and Captivate 6 did work in FF and IE8.
  Here are the links:
  captivate 5 http://cloud.scorm.com/sc/InvitationConfirmEmail?publicInvitationId=3c04f298-d0db-4d10-ab6 3-80b9aaf2890b
  captivate 6 http://cloud.scorm.com/sc/InvitationConfirmEmail?publicInvitationId=e2b05753-2f03-421a-87d 9-62b92ad199af
  Thanks for your attention, every bit of information that I can get will help.
  Thanks,
  SL

• Weird Issue with session collection creation

  Hello everybody,
  While building a fully redundant RDS infrastrcutre I cam across this issue
  While creating the session collection through Server Management on Windows Server 2012 R2 I get the following error:
  "Unable to configure the RD Session Host server - Invalid Operation".
  Here is a detailed spec of the environment:
  - 2 RDS brokers connected in HA mode to a Cluestered SQL Instance
  - 2 RDS license servers that are correctly configured on the session hosts
  - 3 RDS Session Hosts
  All are Windows Server 2012 R2
  I have checked the Event logs also and everything I do not see any issues, the session hosts have correct communication between one another and to the license and rd  broker servers.
  At this point I am really lost.
  Anybody have any ideeas about such a ambiguous error?
  Thank you!
  Above and Beyond Information Technology

  Hi,
  Thank you for sharing your experience here. It will be very beneficial for other community members who have similar questions. 
  Regards.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Issue with session variable

  Hi,
  I'm trying to setup a session variable to filter an Answer query based on the user login name. I've created the following
  - A database table that contains a user name and its related filter (Entity)
  - An initialization block for the session variable to issue the following sql: select Entity from table where user_name = ':USER'
  - Created a target session variable called CURR_ENTITY as the target and assign a default value as 'No entity'.
  - Filter my Answer query to use the session variable CURR_ENTITY
  After restart of BI server and Presentation services and opening the report, CURR_ENTITY is always set to the default value. I've checked NQQuery,.log and looks like the initialization block was not returning any rows.
  Any ideas on how to get around this issue? Thanks.
  Regards,
  Gerd

  Hi gerd,
  select Entity from table where user_name = ':USER'Check if this query is returning values in the backend DB.If so it is returning then it should work fine in session variable.
  After defining the target variable CURR_ENTITY and test it in the screen.That shows you is it picking all the values or a single defaulted value.
  If its showing all values then re-check your block once again.
  (OR)
  In the target variable instead of variable define row-wise initialization (i mean check it) and change the SQL in the variable to this
  select 'CURR_ENTITY',Entity from table where user_name = ':USER'
  and test it so you can use it in answers .....it should work with what is required.
  hope answered the question.
  Cheers,
  KK

• A simple app to secure coldfusion pages - Running into an issue with Session

  Hello, I am testing out how to protect pages in coldfusion and have run into an issue when attempting to create a process by which users can log out.
  Essentially, I have three pages:
  Page A - The form that submits to Page B
  Page B - That checks the form.username and form.password against a database (works fine)
  Page C - Logout page (Which is where I am having an issue).
  Page C throws a "variable Session is undefined" error
  Here is the code on Page C:
  <cfset StructClear(Session)>
  <cflocation url="index.cfm">
  Here is the code on Page B:
  <cfif NOT IsDefined ("form.username")>
  <cflocation url="index.cfm" addtoken="No">
  </cfif>
  <cfquery name="test" datasource="cfdb">
  SELECT * FROM USERS
  WHERE USERNAME = '#FORM.username#'
  AND PASSWORD = '#FORM.password#'
  </cfquery>
  <!---<CFSET Session.LoggedIn = "1">
  <CFSET Session.FirstName = "#test.FirstName#">--->
  <CFIF test.RecordCount IS 0>
  <cflocation url="index.cfm" addtoken="No">
  <CFSET StructClear(Session)>
  <cfelse>
  <CFSET Session.LoggedIn = "1">
  <!---<cflocation url="test.cfm" addtoken="No">--->
  </cfif>
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Untitled Document</title>
  </head>
  <body>
  <p><a href="logout.cfm">Log Out</a></p>
  <p> </p>
  <p> </p>
  <p><br>
    This content is protected.
  </p>
  </body>
  </html>
  As you can see, nothing fancy
  Now, I thought that the Session variable could be accessed by any page within a given browser instance, but I am obviously wrong.
  What do I need to do for Page C (my logout page to be able to access the session variable).
  Any guidance is greatly appreciated!

  1.
  “Variable Session is undefined” error comes up when you try to manipulate a session variable which does not exist, as at that point in time. To take care of possible empty session structures, it is good practice to check first if your session is defined.
  So you will have something like:
  <cfif isDefined("session")>
  <cfset StructClear(Session) />
  <cfelse>
  <cflocation url="index.cfm">
  </cfif>
  2.
  To enable you access your session variables from any page in your application, you need to enable session management in your Application.cfm or Application.cfc.
  cfm   <cfapplication sessionmanagement="Yes" />
  cfc        <cfcomponent>
  <cfset THIS.SessionManagement = "Yes" />
  </cfcomponent>
  Reference…http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec22c24 -7c48.html

• Reg. Issue with Session Bean -- EJB3

  Have a state full session bean (SFSB):
  @Stateful
  public class test implements itest{
  private static final long serialVersionUID = -4929837299158287545L;
  private int q= 0;
  public void assign(int p) {
  q = p;
  Inetrface is:.
  @Remote
  public interface itest extends Serializable {
  public void assign(int p);
  Accessed as:
  Properties properties = new Properties();
  properties.put(Context.INITIAL_CONTEXT_FACTORY,
  "org.jnp.interfaces.NamingContextFactory");
  properties.put(Context.URL_PKG_PREFIXES, "org.jnp.interfaces");
  properties.put(Context.PROVIDER_URL, "localhost");
  InitialContext ctx = new InitialContext(properties);
  Object i = (itest) ctx.lookup("test/remote");
  itest t = (itest) PortableRemoteObject.narrow(i, itest.class);
  This piece of code fails giving error
  java.lang.ClassCastException: $Proxy135 ....
  But if i change, the state full session bean (SFSB) to stateless session bean (SLSB) i.e @Stateless
  Everything works fine.
  Environment : JBoss as the App Server.
  Any help appreciated.

  Hi Shailesh,
  Thank you for the reply.
  I checked the JCO's and everything is working fine.
  And to be more clear.
  I have the same application in 2 roles and in ESS role the application is working fine but the user in discussion is an external user and we have config in place for externals.
  In XYZ role where the application is not working we created a new role to satisfy the authorizations. which are same in dev and QA. the application for the user with same authorization is working fine in dev but the same is not working in QA.
  Any other inputs will be helpful.
  Thanks & Regards,
  Pramod

• ViewExpiredException issue with session invalidate on IE9

  Hi guys,
  I have posted this on the ADF forum as well as I'm not sure of the root cause is JHeadstart related or not - but I thought I would check also here to see if anyone else has encountered this ...
  I'm using JDeveloper 11.1.1.6 (JHeadstart 11.1.1.4.26) and having problems when calling "session.invalidate();" with my custom JhsAuthenticationFilter. If i log on and immediately log out (so no web.xml timeout which is set to 25 min) - The message shown on screen is
  "Because of inactivity, your session is timed out and is no longer active. Click on OK to reload the page"
  In the log files, the following error is thrown
  <BindingContext> <put> [3126] Replacing: null with: XXXXX_UIShellPageDef
  <StateManagerImpl> <restoreView> Could not find saved view state for token -a6jozll3a
  <LifecycleImpl> <_handleException> ADF_FACES-60098:Faces lifecycle receives unhandled exceptions in phase RESTORE_VIEW 1
  javax.faces.application.ViewExpiredException: viewId:/pages/UIShell.jspx - ADF_FACES-30107:The view state of the page has expired.  Reload the page.
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._restoreView(LifecycleImpl.java:751)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:374)
       at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:194)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
       at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
       at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
       at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
       at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
       at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
       at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
       at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at hmdclinical.pulse.view.PulseAuthenticationFilter.doFilter(PulseAuthenticationFilter.java:273)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
       at java.security.AccessController.doPrivileged(Native Method)
       at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
       at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:442)
       at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
       at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
       at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:139)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
       at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
       at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
       at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
       at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
       at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
       at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  <ADFLogger> <addContextData> Execute queryI have the web.xml parameter org.apache.myfaces.trinidad.CLIENT_STATE_MAX_TOKENS set to 15.
  This ONLY happens when using IE9 - using Firefox or Chrome it's not a problem. I'm guessing something is trying to access the page def after the token for the view has already been removed as part of the session.invalidate() ?
  How can I find out what the root cause is and why is this only a problem with IE and not Chrome or Firefox ?
  Any help greatly appreciated !!
  Cheers,
  Brent

  Brent,
  I think it is best to make a very simple testcase without JHeadstart (you can cust and paste code from the jhs auth fillter as needed) and then attach your testcase to the post on JDev forum, or copntact Oracle support.
  Looks like a browser-specific ADF bug to me.
  Steven Davelaar,
  JHeadstart Team.

• Issue with Session variables

  Hi SDNers,
  I have a few portal components on the portal page that save data directly to the http session as well as some data is stored in the bean and the bean is stored in the component's session.
  When the user logs in and views the portal page, the user is able to see the data correctly as all the values exist in the session.
  The portal components contain navigation links via EPCM to other portal pages.
  If the user clicks on a navigation link to a portal page which contains portal component iViews the session values in the session are retained.
  However, if the user clicks on a link to navigate to a portal page that contains ESS applications or the standard UWL iView and once it is loaded he/she clicks on any TLN entry, then the session values and the bean get nullified, thus resulting in null session values.
  I am a bit confused as to why does this behaviour only happen when pages with ESS apps or Std. UWL iview are loaded and any TLN entry is clicked.
  Any help would be apprciated.
  Regards,
  Melwyn

  Any solutions?
  Regards,
  Melwyn

• Issue with Session slot after implement the tacacs+ on FWSM

  Hi,
  I am trying to implement  tacacs+ on FWSM module using 4.1(10),
  only facing issue when trying to connect from Switch (session slot)
  (Command authorization failed) Rest of the things working fine 
  here is the output
  Router#session slot 3 processor 1
  The default escape character is Ctrl-^, then x.
  You can also type 'exit' at the remote prompt to end the session
  Trying 127.0.0.31 ... Open
  User Access Verification
  Password:
  Type help or '?' for a list of available commands.
  FWSM> en
  Command authorization failed
  Below is the configration done on FWSM
  FWSM# sh run | in aaa
  aaa-server NEW protocol tacacs+
  aaa-server NEW host 10.70.20.1
  aaa authentication enable console NEW LOCAL
  aaa authentication ssh console NEW LOCAL
  aaa authorization command NEW LOCAL
  aaa accounting command NEW
  Can anyone help me solve this issue
  Thanks

  Issue has been solved after using this ...
  aaa authentication telnet console NEW LOCAL
  thanks

• Issue with session.invalidate() in OC4J

  Ok, here's the thing- I've got a servlet that autogenerates
  pages to the client via XSL; so far so good. However whenever
  the login page is displayed, we would like to "logout" the
  current user if there is one and start fresh, as it were. All of
  our persistent data is stored via the user's session object so
  we are doing something like this:
  public void doGet( HttpServletRequest request) {
  HttpSession session = request.getSession();
  // Some misc. stuff happens here;
  // Nothing is written to the session, however
  if ( page == LOGIN_PAGE) {
  session.invalidate();
  session = request.getSession();
  String info = session.getAttribute( "INFO");
  As soon as we request the attribute, after performing the
  session invalidation & re-obtaining a new session the system
  bails with an IllegalStateException: Session invalidated
  exception.
  Note that the exact same code works under the Sun Reference
  Implementation (Apache Groups Tomcat 4.0) and is pretty much
  verbatim from Jason Hunter's book Java Servlet Programming 2nd
  Edition pg. 220.
  Any ideas for a fix and/or workaround?

  Hi
  This works, here is a sample I've run on OC4J
  public class SessionTestServlet extends HttpServlet
  private static final String CONTENT_TYPE = "text/html";
  HttpSession sess = null;
  private static boolean login_page = true;
  public void init(ServletConfig config) throws ServletException
  super.init(config);
  public void doGet(HttpServletRequest request,
  HttpServletResponse response) throws ServletException,
  IOException
  sess = request.getSession(true);
  try
  if (login_page)
  if(sess != null)
  sess.invalidate();
  sess = request.getSession(true);
  sess.setAttribute("name","kalle");
  catch(Exception e)
  e.printStackTrace();
  response.setContentType(CONTENT_TYPE);
  PrintWriter out = response.getWriter();
  out.println("<html>");
  out.println
  ("<head><title>SessionTestServlet</title></head>");
  out.println("<body>");
  out.println("<p>Session: "+ sess+"<p>Name: "+
  sess.getAttribute("name"));
  out.println("</body></html>");
  out.close();
  Regards
  //Mike

• MS Remote Desktop for Mac (v8.0.9 - 8.0.12): issue with "Session (ID #) remote control failed."

  Hello,
  I'm a SysAdmin for a small-med business in CO. We use a cluster of 3 RDS servers that are load-balanced with round-robin DNS and an RD Gateway. When I remote in from a PC, all works as expected. However, when I remote in from my MacPro (my main machine at home)
  and try to remote control a user's session, I get this error: 
  Note the ID number is unique to the user's RDP session, so will vary each time. 
  This is 100% a bug in the "Microsoft Remote Desktop for Mac" program; I am positive of it at this point. 
  Does anyone from MS actually monitor these threads at all, or am I wasting my time? Thanks...

  Hi,
  As this happens with him specific from MRD MAC check whether he is taking RDP with IP address or hostname. Also try to uncheck the Option "Bypass RD Gateway for local address" under RDSH configuration and verify the result. 
  Also for more detail he can collect log from MAC side by following path.
  Microsoft Remote Desktop>About Microsoft Remote Desktop>Send log via email
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Having an issue with passing the text of a link to a session variable.

  I am having an issue with passing the text from a link to a session variable. I am adding this html as a literal for each item in the list that i have populated with a query.
  List<Literal> lit = new List<Literal>();
  for (int i = 0; i < posts.Count; i+=4)
  Literal someLit = new Literal();
  someLit.Text=
  @"<div class='row'>" +
  "<div class='col-md-12'>" +
  "<div class='panel'>" +
  " <div class='panel-body'>" +
  " <!--/stories-->" +
  " <div class='row'> " +
  " <br>" +
  "<div class='col-md-2 col-sm-3 text-center' id='javascript'> <h3>" +
  " <a href='#' runat='server' onserverclick='UserProfile_Click'>" + posts[i + 3] + " </a>" +
  "</h3>" +
  " </div>" +
  " <div class='col-md-10 col-sm-9'>" +
  "<h3><a href='Thread.aspx' runat='server' onserverclick='MyFuncion_Click'> " + posts[i] + " </a></h3>" +
  " <div class='row'>" +
  " <div class='col-xs-9'> " +
  posts[i + 1] +
  " </div>" +
  "<div class='col-xs-3'></div>" +
  posts[i + 2] +
  " </div>" +
  "<br><br>" +
  " </div>" +
  " </div>" +
  " <!--/stories-->" +
  " </div>" +
  " </div>" +
  " </div><!--/col-12-->" +
  " </div>" +
  "</div>";
  lit.Add(someLit);
  for(int i=0; i<lit.Count; i++)
  this.Controls.Add(lit[i]);
  I use one of the list positions as the text for a link in two different spots. For now, lets only talk about the line:
  <a href='#' runat='server' onserverclick='UserProfile_Click'>" + posts[i + 3] + " </a>
  Since I am generating these controls at pageLoad, I can't make them <asp:Linkbutton>s. And since they are anchor elements, I don't have access to an onCommand attribute or onservercommand attribute.
  All I want to do is access the content from inside the specific link tags that I generate on link click and set it as a session variable. That's what I would like my UserProfile_Click function to do. I cant commandargs it in like i can with a linkbutton's
  OnCommnad attribute, however.
  My fear is that the onserverclick attribute resolves so something else on pageLoad normally and since I am generating it the way I am similar to the way a <asp:linkButton> resolves to a generated JavaScript.
  Any help?

  @Brunellus
  For questions related to ASP.NET use the ASP.NET forum http://forums.asp.net     
  You should get more, better and faster answers on the other forum.  Thanks, ahead of time.
  Best Regards,
  Kristin
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Issue with "read by other session" and a parallel MERGE query

  Hi everyone,
  we have run into an issue with a batch process updating a large table (12 million rows / a few GB, so it's not that large). The process is quite simple - load the 'increment' from a file into a working table (INCREMENT_TABLE) and apply it to the main table using a MERGE. The increment is rather small (usually less than 10k rows), but the MERGE runs for hours (literally) although the execution plan seems quite reasonable (can post it tomorrow, if needed).
  The first thing we've checked is AWR report, and we've noticed this:
  Top 5 Timed Foreground Events
  Event     Waits     Time(s)     Avg wait (ms)     % DB time     Wait Class
  DB CPU           10,086           43.82     
  read by other session     3,968,673     9,179     2     39.88     User I/O
  db file scattered read     1,058,889     2,307     2     10.02     User I/O
  db file sequential read     408,499     600     1     2.61     User I/O
  direct path read     132,430     459     3     1.99     User I/OSo obviously most of the time was consumed by "read by other session" wait event. There were no other queries running at the server, so in this case "other session" actually means "parallel processes" used to execute the same query. The main table (the one that's updated by the batch process) has "PARALLEL DEGREE 4" so Oracle spawns 4 processes.
  I'm not sure how to fix this. I've read a lot of details about "read by other session" but I'm not sure it's the root cause - in the end, when two processes read the same block, it's quite natural that only one does the physical I/O while the other waits. What really seems suspicious is the number of waits - 4 million waits means 4 million blocks, 8kB each. That's about 32GB - the table has about 4GB, and there are less than 10k rows updated. So 32 GB is a bit overkill (OK, there are indexes etc. but still, that's 8x the size of the table).
  So I'm thinking that the buffer cache is too small - one process reads the data into cache, then it's removed and read again. And again ...
  One of the recommendations I've read was to increase the PCTFREE, to eliminate 'hot blocks' - but wouldn't that make the problem even worse (more blocks to read and keep in the cache)? Or am I completely wrong?
  The database is 11gR2, the buffer cache is about 4GB. The storage is a SAN (but I don't think this is the bottleneck - according to the iostat results it performs much better in case of other batch jobs).

  OK, so a bit more details - we've managed to significantly decrease the estimated cost and runtime. All we had to do was a small change in the SQL - instead of
  MERGE /*+ parallel(D DEFAULT)*/ INTO T_NOTUNIFIED_CLIENT D /*+ append */
    USING (SELECT
        FROM TMP_SODW_BB) S
    ON (D.NCLIENT_KEY = S.NCLIENT_KEY AND D.CURRENT_RECORD = 'Y' AND S.DIFF_FLAG IN ('U', 'D'))
    ...(which is the query listed above) we have done this
  MERGE /*+ parallel(D DEFAULT)*/ INTO T_NOTUNIFIED_CLIENT D /*+ append */
    USING (SELECT
        FROM TMP_SODW_BB AND DIFF_FLAG IN ('U', 'D')) S
    ON (D.NCLIENT_KEY = S.NCLIENT_KEY AND D.CURRENT_RECORD = 'Y')
    ...i.e. we have moved the condition from the MERGE ON clause to the SELECT. And suddenly, the execution plan is this
  OPERATION                           OBJECT_NAME             OPTIONS             COST
  MERGE STATEMENT                                                                 239
    MERGE                             T_NOTUNIFIED_CLIENT
      PX COORDINATOR
        PX SEND                       :TQ10000                QC (RANDOM)         239
          VIEW
            NESTED LOOPS                                      OUTER               239
              PX BLOCK                                        ITERATOR
                TABLE ACCESS          TMP_SODW_BB             FULL                2
                  Filter Predicates
                    OR
                      DIFF_FLAG='D'
                      DIFF_FLAG='U'
                TABLE ACCESS          T_NOTUNIFIED_CLIENT       BY INDEX ROWID    3
                  INDEX               AK_UQ_NOTUNIF_T_NOTUNI    RANGE SCAN        2
                    Access Predicates
                      AND
                        D.NCLIENT_KEY(+)=NCLIENT_KEY
                        D.CURRENT_RECORD(+)='Y'
                    Filter Predicates
                      D.CURRENT_RECORD(+)='Y' Yes, I know the queries are not exactly the same - but we can fix that. The point is that the TMP_SODW_BB table contains 1639 rows in total, and 284 of them match the moved 'IN' condition. Even if we remove the condition altogether (i.e. 1639 rows have to be merged), the execution plan does not change (the cost increases to about 1300, which is proportional to the number of rows).
  But with the original IN condition (that turns into an OR combination of predicates) in the MERGE ON clausule, the cost suddenly skyrockets to 990.000 and it's damn slow. It seems like a problem with cost estimation, because once we remove one of the values (so there's only one value in the IN clausule), it works fine again. So I guess it's a planner/estimator issue ...