JRun session id being re-used

Similar Messages

• Shopping cart - prevent same session ref being re-used after an order ?

  Whenever a user enters site and new session is created, along with a unique session ref (uuid).
  Various housekeeping is performed when the session expires
  BUT, how do I prevent a user who's just ordered, from returning to the site and re-using the same session ref ?
  What's the best solution ? Can I prematurely expire the session, or perhaps start a new one and attach this user to it ?

  Dax Trajero wrote:
  ... how do I prevent a user who's just ordered, from returning to the site and re-using the same session ref ?
  Deny a returning paying(!) customer his session? Yours might be the only shop in town doing that.
  If your session housekeeping is any good, then the session variables  pertaining to shopping-cart, payment and delivery would have been  cleared or re-initialized. Often, starting a new session means logging in again. There are a number of reasons why that can be undesirable.
  I did an e-commerce course for a year, and learned some strange things. It is in fact to your advantage that a returning customer should keep his session, even after ordering.
  For example, it is well known that the chances of a returning customer placing a new order is much higher when he is already logged in than when he has to log in afresh. You could test that hypothesis yourself. Psychologists have also found that e-shoppers often return to the shop to gloat at the goodies they've just ordered. You wouldn't want to deny them their gloating session, would you?

• Session Cookies Being Overwritten Browsing From SSL to Non SSL

  I have created a bug report for this issue as well.
  Please note I am using J2EE session variables so keep that in mind.
  I am seeing session cookies being overwritten when browsing from an SSL connection to a non SSL connection.
  For example:
  Visiting https://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Encrypted connections only".
  Visiting http://www.domain.com/ results in a JSESSIONID cookie being set with details being send for "Any type of connection".
  Here's the problem:
  Say for example, you're logging into an admin module located at https://www.domain.com/admin/. Once authenticated and some session variables are set, you browse to http://www.domain.com/. When that happens your session cookie (JSESSIONID) is overwritten with a new value and you instantly lose your authentication in the admin module.
  Obviously this is causing massive problems for my clients that bounce back and forth from SSL to non SSL connections which is common for e-commerce websites.
  Steps to Reproduce:
  1. Clear your cookies.
  2. Visit a web page such as https://www.domain.com/. Note the JSESSIONID cookie value.
  3. Visit a web page such as http://www.domain.com/. Note the JSESSIONID cookie value and how it was overwritten.
  This behavior changed in ColdFusion 10. ColdFusion 9 did not overwrite the session cookie.
  Has anyone else experience this?

  Deleting and re-adding my account seems to have fixed it.  I think when I initially added my Google Talk account, it was by using the "Add Jabber Account" under 10.6 or something.  Now, when I re-added my account, I notice both "Google Talk" and "Jabber" are options, so my thought here is that Jabber and Google Talk options are no longer quite the same thing.

• Restricting particular session variables being shared

  i am using weblogic 10.3.
  I have an EAR with has 2 WAR in it , with session sharing enabled in the weblogic-application.xml . I understand that this will make all the variables that are added in the session to be shared by both WAR, but i want a particular variable added in the session not to shared by both WAR, it should be accessible by only WAR1.
  Please help me
  Zeeshan

  "Restricting particular session variables being shared"
  You can use the 'transient' keyword for this purpose, for example,
  public class Example implements Serializable {
      private String replicate;
      private transient String notReplicate;
  }The 'replicate' attribute is replicated when the Example object is put in the session, the 'notReplicate' attribute is not.

• Portal session not being terminated. browser "unload" event

  This line of code is in the portallauncher.default and eventually causes the problem:
  EPCM.subscribeEvent("urn:com.sapportals.portal:browser", "unload", releaseProducerSessions);
  releaseProducerSessions eventually calls a portal component
  WSRPSessionRelease.. which is causing the problem.
  When we upgraded from EP 6.0 to NW 2004, users started recieving the Netweaver Login Screen when they logged out and logged back in, in the same browser. We think this error occurs because NW 2004 implements Web Services Remote Portal functionality.
  We are using SiteMinder as a third party session management tool.
  What we found was that the Siteminder session was being killed but the Portal session was not. Therefore, when users logged back in they would see the generic Netweaver Login Screen, and they could actually just hit "enter" and continue to the portal.
  A successful logoff, users clicked the logoff button, the DSM terminator was being called, thus killing the portal session, then a form was submitted redirecting the users the the siteminder loggoff page, which logs the users off siteminder.
  When the logoff failed, we found that after the DSM Terminator was called
  and before the page was being redirected, a portal component
  (WSRPSessionRelease) was being called, which in turn, RECREATED the portal session. So the user never actually gets logged off from the portal.
  We found that the WSRPSessionRelease component is set to
  a "browser" "unload" event when the portallauncher.default component is first loaded. This is the same component that is being called when the user clicks the "X" to force close the browser.
  Not everytime is the WSRPSessionRelase component being called before the redirect to the siteminder logg off page. Sometimes this component is called after the redirect, and we find that this is a successful loggoff.
  The component is:
  irj/servlet/prt/portal/prtroot/com.sap.portal.wsrp.coreconsumer.WSRPSessionRelease

  Hello Michael,
  The 'log off' issue is a known issue with Portal since EP 6
  Had faced similar issue and SAP suggests to redirect the 'log off' link to another non-SAP site...like your company intranet site.
  This will help the session to break.
  There are 1-2 SAP Notes on this as well.
  Hope this helps.
  Regards,
  Ritu

• Portal session not being terminated

  When we upgraded from EP 6.0 to NW 2004, users started recieving the
  Netweaver Login Screen when they logged out and logged back in, in the
  same browser. We think this error occurs because NW 2004 implements Web
  Services Remote Portal functionality.
  We are using SiteMinder as a third party session management tool.
  What we found was that the Siteminder session was being killed but the
  Portal session was not. Therefore, when users logged back in they would
  see the generic Netweaver Login Screen, and they could actually just
  hit "enter" and continue to the portal.
  A successful logoff, users clicked the logoff button, the DSM terminator
  was being called, thus killing the portal session, then a form was
  submitted redirecting the users the the siteminder loggoff page, which
  logs the users off siteminder.
  When the logoff failed, we found that after the DSM Terminator was called
  and before the page was being redirected, a portal component
  (WSRPSessionRelease) was being called, which in turn, recreated the
  portal session. So the user never actually gets logged off from the
  portal.
  We found that the WSRPSessionRelease component is set to
  a "browser" "unload" event when the portallauncher.default component is
  first loaded. This is the same component that is being called when the
  user clicks the "X" to force close the browser.
  Not everytime is the WSRPSessionRelase component being called before the
  redirect to the siteminder logg off page. Sometimes this component is
  called after the redirect, and we find that this is a successful loggoff.
  The component is:
  irj/servlet/prt/portal/prtroot/com.sap.portal.wsrp.coreconsumer.WSRPSessio
  nRelease

  Hi Michael, we are facing the same error. Have you found a solution?
  Thanks in advance and best regards

• Session is being torn down. Reason: User Requested

  Hi,
  I have an issue with a Site to site VPn using IPSec.
  I have several tunnels all configured the same and this is the only one with the isssue. looks like the VPN is dropped whene remote peer pings the internal IP (172.16.30.88). Tunnel drops after 7 - 8secs.
  I got this message when enabling isakmp debug :
  Nov 04 17:20:32 [IKEv1]Group = 2XX.YY.140.135, IP = XX.YY.140.135, Session is being torn down. Reason: User Requested
  I would really appreciate some advice about how to troubleshoot this issue, as i am new to ASA.
  Here are some more logs :
  Thanks in advance !
  5|Nov 04 2013|16:53:19|713904|||||IP = XX.YY.140.135, Received encrypted packet with no matching SA, dropping
  4|Nov 04 2013|16:53:19|113019|||||Group = XX.YY.140.135, Username = XX.YY.140.135, IP = XX.YY.140.135, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:10s, Bytes xmt: 608, Bytes rcv: 128, Reason: User Requested
  5|Nov 04 2013|16:53:19|713259|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Session is being torn down. Reason: User Requested
  6|Nov 04 2013|16:53:19|302020|172.16.10.19|0|172.16.10.254|0|Built inbound ICMP connection for faddr 172.16.10.19/0 gaddr 172.16.10.254/0 laddr 172.16.10.254/0
  6|Nov 04 2013|16:53:19|602304|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x0864D3AB) between XX.YY.140.135 and 202.171.68.14 (user= XX.YY.140.135) has been deleted.
  6|Nov 04 2013|16:53:19|602304|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0x94F43112) between 202.171.68.14 and XX.YY.140.135 (user= XX.YY.140.135) has been deleted.
  5|Nov 04 2013|16:53:18|713050|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Connection terminated for peer XX.YY.140.135.  Reason: Peer Terminate  Remote Proxy 192.168.0.0, Local Proxy 172.16.30.88
  6|Nov 04 2013|16:53:18|302020|172.16.30.88|0|192.168.0.1|26299|Built outbound ICMP connection for faddr 192.168.0.1/26299 gaddr 172.16.30.88/0 laddr 172.16.30.88/0
  6|Nov 04 2013|16:53:18|302020|192.168.0.1|26299|172.16.30.88|0|Built inbound ICMP connection for faddr 192.168.0.1/26299 gaddr 172.16.30.88/0 laddr 172.16.30.88/0
  5|Nov 04 2013|16:53:08|713120|||||Group = XX.YY.140.135, IP = XX.YY.140.135, PHASE 2 COMPLETED (msgid=f141e93e)
  6|Nov 04 2013|16:53:08|602303|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x0864D3AB) between 202.171.68.14 and XX.YY.140.135 (user= XX.YY.140.135) has been created.
  6|Nov 04 2013|16:53:08|602303|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0x94F43112) between 202.171.68.14 and XX.YY.140.135 (user= XX.YY.140.135) has been created.
  5|Nov 04 2013|16:53:08|713049|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Security negotiation complete for LAN-to-LAN Group (XX.YY.140.135)  Responder, Inbound SPI = 0x0864d3ab, Outbound SPI = 0x94f43112
  5|Nov 04 2013|16:53:08|713119|||||Group = XX.YY.140.135, IP = XX.YY.140.135, PHASE 1 COMPLETED
  6|Nov 04 2013|16:53:08|113009|||||AAA retrieved default group policy (CLT_TEASOA_L2L_GroupPolicy) for user = XX.YY.140.135
  6|Nov 04 2013|16:53:08|713172|||||Group = XX.YY.140.135, IP = XX.YY.140.135, Automatic NAT Detection Status:     Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device

  Hi Florian
  tunnel is coming UP?
  if so and after few time is going down...sometimes could be related to sessions timeout issues.
  try to configure SLA with infinite ping  and see if this works.
  sla monitor x
  type echo protocol ipIcmpEcho sla_monitor_address interface outside_interface
  frequency 5
  exit
  sla monitor schedule 1 life forever start-time now

• I've had my ipod shuffle (2nd generation) for a long time now and after a year and a bit of not being in use it doesn't work. When I connect it to the computer it doesn't come up. Can my ipod be charged or fixed?

  I've had my ipod shuffle (2nd generation) for a long time now and after a year and a bit of not being in use it doesn't work. When I connect it to the computer it doesn't come up. Can my ipod be charged or fixed? Please help!

  That is about normal. You can maximize battery life by changing some settings. See:
  Apple - Batteries - iPod
  Apple will exchange your iPod for a refurbished one for with a new battery for $79. They do not fix yours.
  Apple - iPod Repair price                       
  A third-party place like the following will replace your battery for less. Google for more.
  iPhone Repair, Service & Parts: iPod Touch, iPad, MacBook Pro Screens
  Replace the battery yourself if you are up to it. You can purchase a replacment for about $10
  iPod Touch Repair – iFixit                  

• I get an error when starting firefox on several user profiles: the bookmarks and history are not functional something about the file being in use.

  Windows Server 2008 R2, Windows 7 workstations, the appdata folder is redirected to a network share at \\server\profiles and several users are unable to use bookmarks getting an error about the file being in use. I'm wondering if maybe my antivirus (Trend Micro) or my backups (Symantec) might be locking up the places.sqlite for these users? Though I don't understand why it would be for some users and not others. I can't be the first one and I'm not coming up with anything searching google endlessly. Anybody else run into this?

  hello, yes this is likely caused by an external program locking access to the bookmarks/history database. you could try renaming the file in question & see if it is working when it is regenerated, this will clear bookmarks and the history though, so keep a backup...
  [[Fix "The bookmarks and history system will not be functional" error message]]
  http://kb.mozillazine.org/Bookmarks_history_and_toolbar_buttons_not_working_-_Firefox

• I have an email account causes the machine to hang up after being in use for a day.  It only occurs on my Macbook Pro and only one particular account.  The problem account works fine on my iMac and Windows Machines.  Any ideas what is causing this?

  I have an email account causes the machine to hang up after being in use for a day.  It only occurs on my Macbook Pro and only one particular account.  The problem account works fine on my iMac and Windows Machines.  I have been to the local Genius bar and through trial and error we have determined that Mail is working ok but somehow the account is causing the problem.  I have used this account for years.  Any ideas what is causing this?

  No idea why, but one thing you may try if you have the time, is create a new user, and set up the problem mail account in the new user space. See if it causes your MBP to hang as well.  That will tell you if it is something wrong with your main User, or something wrong with MBP.
  Assuming this works, I'd nuke the problem account in your main user space, re-start, and reinititate the account and see if that helps.
  Depening on how many email accounts you have setup, it may be necessary to nuke the whole Mail folder in your User/Library....   Hard way to get it to work, but just my idea.

• HT1551 When using Airplay, the display on my tv isn't being fully used (its not taking up the full widescreen tv display). How do I fix that issue?

  When using Airplay, the display on my tv isn't being fully used (its not taking up the full widescreen tv display). How do I fix that issue?

  Intermittent issues will point to a local network/wifi issue.
  Reboot ATV and router, make sure both are up to date
  Try ethernet
  The home sharing connection will cut out if the iMac goes to sleep.

• How to check if "create session" is being audited in the aud$

  Specifically, how do the determine if "create session" is being audited? Assume audit_trail=db_extended, audit_sys_operations=true and audit_file_dest has been set. Please specifically how to check if "create session" is being audited. Thanks

  SQL> connect test/test
  Connected.
  SQL> connect / as sysdba
  Connected.
  SQL> select username, action_name, to_char(timestamp,'DD/MON HH24:MI') from dba_audit_trail where action_name like 'LOG%';
  USERNAME                       ACTION_NAME                  TO_CHAR(TIMESTAMP,'DD/MONHH24
  TEST                           LOGON                        10/JANV. 19:32
  TEST                           LOGOFF                       10/JANV. 19:32
  SQL> select to_char(sysdate,'DD/MON HH24:MI') from dual;
  TO_CHAR(SYSDATE,'DD/MONHH24:M
  10/JANV. 19:33

• How to create session and end the session in atg without using ootb

  can anyone send the code for creating session(Login) and ending(Logout) session in atg without using ootb.
  thankyou!

  It is plain simple and is plain old request.getSession(false) and then invalidate the session , but why do you want to do it separately . ATG works behind scenes to associate lot of attributes to the session when log in happens and then deassociates them when log out happens , SessionManager component is also helpful in security , can you state why exactly would you want to do it?

• Any closer to a solution for apn in personal hotspot being fixed using 7.1

  Any closer to a solution for apn in personal hotspot being fixed using 7.1

  all three =)
  http://www.adobe.com/devnet/flashmediaserver/articles/protecting_video_fms.pdf
  regards
  Leonardo França
  Adobe Certified Expert Flex 3 with AIR
  Adobe Certified Expert Rich Internet Application Specialist v1.0
  Adobe Certified Expert Flash CS3 Professional
  Certified Professional Adobe Flex 2 Developer
  Adobe Certified Professional Flash MX 2004 Developer
  http://www.leonardofranca.com
  http://twitter/leofederal
  Manager AUGDF - Adobe User Group do Distrito Federal
  http://www.augdf.com.br
  http://twitter/augdf
  sfister escreveu:
  Hello,
  Our scenario is that we have an Adobe ColdFusion8 server running a portal application which will serve up SWF content from a FMS3 installation. We need to protect the SWF content from being a) downloaded to a users local machine and b) being accessed without being logged into the portal application.
  Please correct me here if I am wrong - it looks like the combination of RTMPE + SWF Verification are the minimum necessary, but I am confused as to these other practices and which ones to use (or can be used on FMS and not FMIS):
  1) Refererr and pageURL check validation
  OR
  2) IP Address validation
  OR
  3) White list domains
  Any suggestions on the best method to accomplish this using RTMPE + SWF Verification + (1, 2, or 3)?
  Thank you,
  Steve
  >

• Form displays modeless despite being called using ShowDialog() when called in a separate thread

  I have a java application which loads a C++ dll in order to launch VB components.
  Recently the VB activex components were upgraded to C# .NET.But some of the activex components referenced within the C# dlls had to be retained as is.
  There were issues of the C# components  not being launched since the Activex components cannot be Instantiated 
  in a Multi threaded Aparatment thread. Java as far as I know does not support single threaded apartments.
  So we had to create a new thread in the C++ dll (which acts like the interface between Java and C#) and then
  the components were launching properly.
  Now the issue is that even when the forms are being called using ShowDialog, the modality is lost.
  Does anybody know why this happens and a possible solution to the issue.

  I have a java application which loads a C++ dll in order to launch VB components.
  Recently the VB activex components were upgraded to C# .NET.But some of the activex components referenced within the C# dlls had to be retained as is.
  There were issues of the C# components  not being launched since the Activex components cannot be Instantiated 
  in a Multi threaded Aparatment thread. Java as far as I know does not support single threaded apartments.
  So we had to create a new thread in the C++ dll (which acts like the interface between Java and C#) and then
  the components were launching properly.
  Now the issue is that even when the forms are being called using ShowDialog, the modality is lost.
  Does anybody know why this happens and a possible solution to the issue.
  Hello,
  It seems like this issue is similar to this one
  ShowDialog call of a windows form is not really modal when called from a java Application.
  Since we could not test it directly, I would recommend you try to call it by specifying the owner for that form.
  Regards.
  Carl
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click
  <a href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.