Logging out of sessions

Similar Messages

• Vpdn: searching for snmp oid to log out vpdn session

  Hello colleagues,
  Cisco 7204 works as vpdn server.
  There are two problems:
  1) I'm searching for snmp oid to log out , terminate vpdn session
  2) radius server does not receives snmp statistics of incoming traffic of vpdn users.
  Please is anyone able to assist me?
  aaa new-model
  aaa authentication login default local
  aaa authentication ppp default group radius local
  aaa authentication ppp VPDN local group radius
  aaa authorization network default local group radius
  aaa accounting delay-start
  aaa accounting update periodic 3
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa session-id common
  vpdn enable
  vpdn-group 1
  ! Default PPTP VPDN group
  description HOMENET
  accept-dialin
  protocol pptp
  virtual-template 3
  interface Virtual-Template3
  ip unnumbered Loopback1
  peer default ip address pool vpdn-pool
  no keepalive
  ppp authentication chap VPDN
  snmp-server community xxxxxxx RW
  snmp-server chassis-id 0x0E
  snmp-server enable traps tty
  radius-server host x.x.x.x auth-port 1812 acct-port 1813
  radius-server timeout 60
  radius-server key 7
  radius-server authorization permit missing Service-Type
  Best regards, Petr Akimov

  Hello –
  I received a reply from the developer of the script, and listed below is the new code that was suggested:
  #!/bin/bash
  value=`snmpwalk $1 -v1 -c $2 .1.3.6.1.2.1.25.1.5.0 | cut -d " " -f4`
  if [[ value -gt  $3 ]]
  then
  echo " $value Users Online, Critical!"
  retval=2;
  else
       if [[ $value -gt $4 ]]
             then
             echo " $value users online, Warning!"
             retval=1;
             else
             echo " $value Users online, fine."
             retval=0;
             fi
  fi
  exit $retval;
  I checked the server in question, and there were two, 2, user logins active on the system. I ran the snmpwalk command, and the output was the following:
  HOST-RESOURCES-MIB::hrSystemNumUsers.0 = Gauge32: 15
  I then modified the script to include the above text, and ran it again. The output was the following:
  15 users on line, Normal.
  For some reason, the value of 12 appears to be that for no users logged into the system. I am not sure why that is the case.
  If nothing else, progress has been made with the modification of the script.  The snmp service that I have installed on the server is that which came bundled as a
  feature with the server. The only thing that was not installed was the SNMP WMI Provider option.

• XML Log out API

  Hi
       how can i log out the session using XML API? anybody have sample code for log out session using XML API through either javascript or c#?
  Thanks
  Palani

  you need to use the logout api
  here is the format for the api call :
  https://<connect server url>.com/api/xml?action=logout
  for your code :
  1. call above api
  2. parse the xml status and check if it returns " ok"
  hope this helps!!

• Clearing Session and/or App variables with Log-out Page?

  Greetings
  I have 3 distinct user types for my app- admins, appraisers and clients.
  All have their own directories and each directory has it's own Application.cfm:
  1) <cfapplication name="appraiseri"
  applicationtimeout="#CreateTimeSpan(0,2,0,0)#"
  clientmanagement="Yes"
  sessionmanagement="Yes"
  sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
  SetClientCookies="Yes">
  2) <cfapplication name="appraiserview" ......
  3) <cfapplication name="clientview" .......
  Each have their own login which simply uses their ID in the DB as the session variable.
  login_do.cfm:
  1) Appraisers: <CFIF auth_direct_appraiser.RecordCount NEQ 0 >
  <cfset Session.appraiser_user_id =auth_direct_appraiser.appraiser_ID>
  <cfset Session.appraiser_fname =auth_direct_appraiser.appraiser_fname>
  <cfset Session.appraiser_lname =auth_direct_appraiser.appraiser_lname>
  2) Admins: <cfset Session.user_id =auth_direct.staff_ID> ......
  3) Clients: <cfset Session.processor_user_id =auth_direct_processor.processor_ID>
  I have had a session persisting for a week now- I have no idea how to get rid of it, and if one simply hits the "login" submit button with no UN or PW, it runs a query on a client (the same one) ?
  My logout page is not working at all- if the code were correct, it would clear any session variable? I have not really set an app variable (except timeout) so no need to clear that?
  Here is the code:
  <CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="60">
      <CFLOOP COLLECTION="#Session#" ITEM="Key">
          <CFIF NOT ListFindNoCase('IveSeenIT', Key)>
              <CFSET StructDelete(Session, Key)>
          </CFIF>
      </CFLOOP>
  </CFLOCK>
  <SCRIPT LANGUAGE="JavaScript">
      alert("You have been logged out from the XXXXX Intranet")
      location.href='login.cfm';
  </SCRIPT>
  Any help would be appreciated- this is leaving a huge security gap in the app right now.
  Thanks

  It in unnecessary to delete session keys to invalidate them. With proper coding they should be invalidated once the session times out.
  Sessiontimeout values are usually around half an hour and applicationtimeout values are usually of the order of 1 day. Also, one way to relate session to login is to use the loginStorage attribute. If you have no need for client management, switch it off.
  Hence, for example,
  <cfapplication name="appraiseri"
  applicationtimeout="#CreateTimeSpan(1,0,0,0)#"
  clientmanagement="no"
  sessionmanagement="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,30,0)#"
  SetClientCookies="Yes"
  loginStorage="session">
  I am assuming that, for login and logout pages, you will - ignoring the details - have something like
  Login:
  <cflogin>
          <cfloginuser name = "some_name" password = "some_password"   roles = "appraiser"/>
  </cflogin>
  Logout:
  <cflogout>

• Logged Out session can be accessed again After logout (DAD authentication)

  Hello,
  Please find the details of my problem below:
  SCENERIO:
  Current Authentication: No Authentication (USING DAD)
  Authorization: MYAUTH
  Frequency: Once Per Session
  declare
  lv_retval boolean;
  lv_srec pkg_myutil.r_sessionrectype;
  begin
  begin
  -- This is NOT Apex Session. I am checking the entry in a table to make sure user is logged in
  -- and the link is not opened directly. In short making sure user opened the Apex link from the
  -- Oracle Forms application.
  lv_srec :=pkg_myutil.get_session_info(:P1_SID);
  if lv_srec.valid_session then
  lv_retval := TRUE;
  else
  lv_retval := FALSE;
  end if;
  exception
  when others then
  lv_retval := FALSE;
  end;
  return lv_retval;
  end;
  The Application Security property Authorization is set to : MYAUTH
  Logout Navigation Bar Entries-URL TARGET: http://myapp.mycompany.com/pls/apex/apex_custom_auth.logout?p_this_app=105&p_next_url=http://mycompany.com
  ( I cannot put this in the Authentication Logout URL as using -DATABASE- as sentry function (DAD authentication) gives me error: No functional attributes may be set when page sentry function is '-DATABASE-'.))
  so i directly modified the navigation bar entry
  Now I open the apex link from my forms application, and it Works fine. For example
  http://myapp.mycompany.com/pls/QRYONLYDAD/f?p=105:1:2524984933940261::NO::P1_SID:0137099300:
  The authorization function takes the P1_SID value and checks in database,finds the entry so returns TRUE to display the page 1 which i call Menu page.
  If I click logout, it works and takes me to the Mycompany home page.
  My question:
  If save that link and try to access it again AFTER LOGOUT, it still displays the page. Although the session is logged out, how come it still allows to access the page? The authorization function also doesn't fire which would have prevented it atleast. How APEX knows it still a valid session even after logout happens?
  I can see that Since there is DAD authentication, the login happens automatically........ but I cannot change that method. What other option do i have?
  Please help.
  Jay

  1.) Code for the function:
  Basically we are using a private DBMS_PIPE to pass a randomly generated string and read that pipe from Apex using get_session_info. Nothing to do with Apex Session. We just want to make sure the user opened the Apex link from the application.
  function get_session_info (p_session_id varchar2) return pkg_myutil.r_sessionrectype is
  rv_sessionrec eft.pkg_myutil.r_sessionrectype;
  lv_status NUMBER;
  lv_app_id varchar2(20);
  lv_EMPID VARCHAR2(20);
  lv_timeout BINARY_INTEGER := 0; --A timeout of 0 allows you to read without blocking. otherwise the pipe will keep waiting and our purpose won't be solved
  lv_rmstatus number;
  begin
  begin
  -- Valid Session theme: If the pipe doesnot exist means the url is not requested from inside the Forms application.
  lv_status := DBMS_PIPE.RECEIVE_MESSAGE(p_session_id,lv_timeout);
  IF lv_status <> 0 THEN
  raise_application_error(-20003,'Error while receiving.Status = ' || lv_status);
  END IF;
  DBMS_PIPE.UNPACK_MESSAGE(lv_app_id);
  DBMS_PIPE.UNPACK_MESSAGE(lv_EMPID);
  if lv_EMPID is null then
  raise_application_error(-20004,'User EMPID is null in the session info.');
  end if;
  -- construct return record
  rv_sessionrec.session_id:=p_session_id;
  rv_sessionrec.valid_session :=TRUE;
  -- remove pipe
  lv_rmstatus:=DBMS_PIPE.REMOVE_PIPE(p_session_id);
  if lv_rmstatus <> 0 then
  null; -- think what to do
  end if;
  exception
  when others then
  rv_sessionrec.session_id:=p_session_id;
  rv_sessionrec.valid_session :=FALSE;
  end;
  return rv_sessionrec;
  end get_session_info;
  2.) I guess you are right. But doesn't Apex use the Userid and password hardcoded in the DAD? because it displays the username in DAD on the page footer. But It will authenticate everytime. So I want to put another layer so that my pipe verification code executes everytime which can decide whether to show the page or redirect to a error page.
  If i put in a On-Load Before Header Process on Page 1 with the pl/sql code, is there a way there to redirect to different page? I couldn't think of a way to do it. Then i can remove the code from authorization scheme and add to the On-Load process?
  Does this help any?
  Thanks for your prompt response.
  Thanks,
  Jay

• What gives? I uncheck "Reopen windows when logging out" and it still goes back to the prev. sessions windows.  Is there a fix for this?

  What gives? I uncheck "Reopen windows when logging out" and it still goes back to the prev. sessions windows.  Is there a fix for this?

  I unchecked " Restore windows when quitting and re-opening apps."  in the prefs. and still it goes back to the prev windows sessions when  I uncheck "Reopen windows when logging out"

• How to prevent Spaces from creating a new session after logging out

  Hi,
  I'm using WebCenter Spaces (11.1.1.4), and I notice that the user is redirected to the landing page after logging out which causes a new HTTP session to be created. I'd like to avoid this behavior, and I was told that this could be done by creating a custom logout page with pure HTML and redirect the user there upon logout. How do I go about doing this? I couldn't find anything related to this in the documentation.
  Thanks,
  Robert

  What's wrong with a new session?
  When you logout, the current session will be destroyed so it's just normal that he creates a new webcenter that does not contain a user credential.

• Multiple session are open thought Users log out.

  Hello Gurus,
  I do see at CMC that many sessions are being open for many days even though users are logged out.
  We are using SAP 4.0 (14.0.4)  SP4. It's causing license issues and users are not able to log in.
  We have restarted our VM's and clear the IE browsers as well but issue still remains.
  Can you please help me on this.
  Best Regards,
  Sai

  Hi Sai,
  Could you give more information about BOE products you use and for which datasource type (UNV, UNX ?).
  I know SP04 still had different issues where multiple sessions were created when working on UNX Universes (see https://support.wdf.sap.corp/sap/support/notes/1764372), and it could lead to "lost sessions". There are other similar problems fixed in more recent versions of BOE, so you may think about upgrading your platform at some point to benefit from all these corrections.
  Regards,
  Loic

• Force end of session when user closes window without logging out

  I want to protect sensitive employee data. Does anyone know how to force a user's portal session to be terminated after a user closes a window with the "X" instead of logging out?

  Web application is connectionless. So there is no way to tell if a user has disconnected. If the user diligently logout, then invalidating a session is no problem. However, if you wish to invalidate the user upon closing of window, I suggest you drop that idea and change to different approach.
  1. If you are trying to impose single logon policy, you may consider invalidate an existing session if the same user login again.
  2. If you really need to invalidate a user session as soon as he is inactive (or closes window). I suggest you set a very small timeout interval (maybe 3 minutes). Then for all the pages, implement a simple invisible IFRAME that will keep refreshing itself (say every 2 minutes) on a dummy JSP/servlet URL. The fact that this IFRAME always hit the URL at 2 mins interval will keep the user session valid. Once the browser window is closed, the session will be invalidated in max 3 mins time.
  The final suggestion is to drop that idea altogether, the point is ... implement such feature is like twisting web application to do something that it is not design to do naturally.

• Enhancement while user log out of the session

  Hi
           We are connecting to the external system through web services and query it  to get the data. We will call this connection to external system from most of the important transactions. Our problem is, once the user connects to the external system, he has to stay connected tilll the user log out i.e. user has to disconnect while he log out. I am using shared objects and creating instance while user connects. But no clue where to clear this instance and close the connectivity. So, my question is there any BADI, Userexit or enhancement triggers while user log out or any other way to implement . Please advise
  Regards
  Shailaja.

  HI Sailaja  ,
  You can  check that  by Creating One RFC   by passing parameter   when you are connecting to external system  and also  when you are logging out of the external system  , one flag can be paased to RFC  when he logs out and  can close the session accordingly  .
  Regards
  Deepak.

• [svn:fx-trunk] 21141: Bug: 2780176 - Logging and logging out multiple times in LCDS can cause duplicate session detected errors .

  Revision: 21141
  Revision: 21141
  Author:   [email protected]
  Date:     2011-04-26 06:40:39 -0700 (Tue, 26 Apr 2011)
  Log Message:
  Bug: 2780176 - Logging and logging out multiple times in LCDS can cause duplicate session detected errors.
  QA: Yes
  Doc: No
  Checkintests: Pass
  Details: When a logout was followed by an immediate login, sometimes the server would throw duplicate session detected errors. This was because when logout happened, a fire-and-forget disconnect message was sent to the server that established a new session, and if the subsequent login happened before disconnect ACK returned from the server, that would establish another session and hence the error. The fix is to insert a slight delay between disconnect and ResultEvent dispatching. This way, disconnect has a chance to return before a login is performed.
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/rpc/src/mx/messaging/ChannelSet.as

  You've got an  incompatible Logitech driver and java was incompletely uninstalled.
  You may have a problem with the Wacom driver.
  I don't know if fixing those things will help.
  There also a few window server errors, but I don't know if they are causal.
  If you can note the time of the hangs, that might help narrow it down in the logs.

• Session expired, log out.

  After reading or viewing an email attachment, try to return to emails and the message 'session expired, log out' appears and you are logged out. This is just one of numerous problems with BT Mail that never happened with Yahoo.

  Hi RoyL,
  Thanks for the post and welcome to the forum.  I am sorry to hear of the problems that you are having.  Any chance you could send me your details so that I can send on to our email teams to have a look at?
  It would really help if you could supply the following information,
  Time stamp of when the issue occurred?,
  The email address in question? and
  Does the session drop out only when viewing attachments or have you noticed other scenarios?
  If you could send me this info via email that would be great.  You will find the 'Mods contact link' under the 'About me' section of my profile.  Just click on my username (SeanD).
  Cheers
  Sean
  BTCare Community Manager
  If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.
  We are sorry that we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-)

• What do I do to straighten out this problem... When I try to access Firefox after having logged out of a previous session I get a msg that Firefox is still running and I have to restart the computer in order to access internet.

  What do I do to straighten out this problem: When I try to access Firefox after I've logged out of a previous session I get a msg that Firefox is still running and I have to restart the computer in order to access internet...

  All you need to do is wait. While Firefox appears closed, it's not. It doing house cleaning. Cleaning out cookies and cache. How long it takes depends upon how much garbage you have collected.
  If you start the Task Manager and open the Process window, you will be able to see when Firefox has finished up and closed down.
  If you forced Firefox to close using the task manager, then the house keeping process seems to freeze up.
  Also, as you've already found out from the above link, some programs and plugins will prevent Firefox from closing properly. I've found this less common then simply being in a hurry. But you need to also consider it.

• Preventing automatic log out from Apex Developer session

  Hello,
  I've noticed that I am frequently being logged out of my Apex Developer session whenever I am tryng to 'return' to application builder after running/testing my application (using Apex Developer). It seems quite random as to whether it happens or not, but since migrating to Apex v4.2 it appears to be happening more frequently ( based on my first week of using this version). Is there any setting that can be applied to prevent this happening or to extend the timeout/inactivity period before it does happen,
  thanks in advance,
  Kevin.

  Login as INTERNAL / ADMIN and go to Manage Instance > Security. There, you can define the maximal
  Maximum Session Length in Seconds      
  The help says:
  "Enter a positive integer to control how many seconds an application session is allowed to exist. This setting is superceded by the application level setting. Leave the value null in order to revert to the default value of 8 hours (28800 seconds). Enter 0 to have the session exist indefinitely. This session duration may be superseded by the operation of the job that runs every hour which deletes sessions older than 12 hours."
  and the
  Maximum Session Idle Time in Seconds
  The help says:
  "Enter a positive integer to control how many seconds a session may remain idle for Oracle Application Express applications. This setting is superceded by the application-level setting. Leave the value null in order to revert to the default value of 1 hour (3600 seconds). Set to 0 to prevent session idle time checks from being performed."
  Denes Kubicek
  http://deneskubicek.blogspot.com/
  http://www.apress.com/9781430235125
  http://apex.oracle.com/pls/apex/f?p=31517:1
  http://www.amazon.de/Oracle-APEX-XE-Praxis/dp/3826655494
  -------------------------------------------------------------------

• Can I set idle ssh sessions to be logged out?

  I'd like to log off ssh sessions that have been idle for too long, but I am unsure where to set this. would it be TMOUT in /etc/profiles or in each user's shell profiles?

  First of all i guess its useful to mention that there are no idle timeout in ssh itself, so you would indeed have to solve it in another way.
  You could set the TMOUT variable in the /etc/profile, there are two problems here however;
  1) not all shell implements it (bash, ksh, zsh does)
  2) the user can easily change / remove it.
  For tcsh i belive the syntax would be set autologout=xx .
  I belive there are small deamons around which logs out users for you if they idle for to long, but i can't find anything among my bookmarks.
  If you have a firewall perhaps you could probably make it do this for you as well.