Logout Not Invalidating Session
One of our applications was recently scanned by Security and they were able to do a 'Session Replay Attack' in our application. The cookie does not appear to be expiring upon logout which allows a user to log back in under that session even after closing everything out. Our current Authentication Scheme is set to the following on logout:
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:1000:&SESSION.
We are currently using APEX 2.2, can you provide any guidance as to how to expire the session cookie so no one can get in again?
Thank you,
Amy
Sorry for the delay in responding, I had to get the information from the security person that was able to do this. Here are the responses below:
I need more details of what was done in this scenario. Are you saying that the logout procedure did not change the value of the cookie in the browser session? How did you determine that?
- The session cookie assigned when logging in the first time did not expire immediately when the person logged out. Without logging in, all I would need to do is resubmit the session cookie in my requests to gain access to the application. I accomplished this using a web proxy to capture requests between the browser and server allowing me to manipulate data sent to /from the server.
What was the value of the session cookie after the logout occurred?
- I merely reused the session cookie already provided. Cookie submitted was: WWV_CUSTOM-F_2695714197338609_1100=04ACEC38BA5368CD
Then by "after closing everything out" the user was able to enter username/password in the login page and run the application again in the original session, is that right?
- No username / password needed. Session cookie is used as my validation.
Does this have anything to do with the previous or new version of the session cookie?
- Reusing previous cookie. Replacing new cookie with old cookie. Hence, ‘session replay attack’.
In words, if you look at the value of the original session cookie before the logout and the cookie value after logout and the cookie value after the second login, are all three values (or at least the first and third values) the same?
- I am reusing / substituting an old cookie and replacing new ones with the old one.
Or are you making no statements about cookies at all but saying only that being able to use a session ID that was previously used (and logged out of) seems to be possible by the same named user in the same application.
- Cookies are used for Session ID. Anyone can reuse that cookie / session ID and masquerade as that user.
Thanks for the help and let me know if you need anymore information or clarifications.
Amy
Similar Messages
-
Hi,
I have a secure zone set up and I have a log out button in the menu. The url for the menu link is set to /LogOutProcess.aspx.
When someone is logged in and they click the logout link they go to a page saying that they have been logged out. However if they then click the Login link in the menu to login, the page that they land on is their dashboard (instead of the login form) so Business Catalyst is not actually logging them out and clearing the session straight away. I went away for about an hour and came back and it was only then that the session seemed to have cleared so that when I clicked the login link, it took me to the login page instead of the dashboard.
I just wondered if anyone knows the amount of time the session is set for, ie. does this happened for all BC sites?
Thanks in advance.You shouldn't be on the secure domain when you login, but the login form action should point to the secure domain.
You don't need to be on the secure domain to logout. I was just thinking this problem could be related to the secure domain. Just asking questions.
Sent from my iPhone -
SSO Exception Invalid Session: Service URL not found:session
I am running AM 7 (installed from JES) under Sun Web Server 6.1.
The Policy Agent is installed in Tomcat 5.5 (on the same box).
I am getting the exception: SSO Exception Invalid Session: Service URL not found:session
when I try to run the SSO Serlvet example.
I have searched the forum and found many people get this error and the advice seems to be check the config file. The Agent config file (AMAgent.properties) has all the right parameters in it (matches the server just fine because I authenticate before getting to the serlvet).
I've tried to set the naming url thru the JVM command line args and programatically. I've been thru the client SDK install chapter many times.
Still getting the same error.
Help!
JasonMore info: I set the debug level in the AM server to message and in the amSSOProvider log, I get several Invalid Session ID.
How could this be when I just successfully authenticated???
I can also go to other protected web pages, and AM does not force me to reauthenticate, so obviously the cookie is good.
Any help would be appreciated.
Jason
03/20/2006 03:05:03:243 PM MST: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=ad,dc=gd-ais,dc=com
03/20/2006 03:05:07:071 PM MST: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=ad,dc=gd-ais,dc=com
03/20/2006 03:05:07:243 PM MST: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=ad,dc=gd-ais,dc=com
03/20/2006 03:05:08:103 PM MST: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=ad,dc=gd-ais,dc=com
03/20/2006 03:05:10:134 PM MST: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=ad,dc=gd-ais,dc=com
03/20/2006 03:05:17:697 PM MST: Thread[main,5,main]
SSO token ldap auth successful for com.sun.mobile.cdm.MAPClientDetector$1@d61aef
03/20/2006 03:05:20:400 PM MST: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=ad,dc=gd-ais,dc=com
03/20/2006 03:05:40:713 PM MST: Thread[service-j2ee-1,5,main]
could not create SSOTOken for token ID
com.iplanet.dpro.session.SessionException: Invalid session ID.
at com.iplanet.dpro.session.Session.getSession(Session.java:700)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:169)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
at com.sun.identity.authentication.service.AuthUtils.getExistingValidSSOToken(AuthUtils.java:2735)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:288)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
03/20/2006 03:05:40:729 PM MST: Thread[service-j2ee-1,5,main]
could not create SSOTOken for token ID
com.iplanet.dpro.session.SessionException: Invalid session ID.
at com.iplanet.dpro.session.Session.getSession(Session.java:700)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:169)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
at com.sun.identity.authentication.service.AuthUtils.getOrigRedirectURL(AuthUtils.java:1443)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:293)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
03/20/2006 03:05:40:729 PM MST: Thread[service-j2ee-1,5,main]
could not create SSOToken from HttpRequest
com.iplanet.dpro.session.SessionException: Invalid session ID.
at com.iplanet.dpro.session.Session.getSession(Session.java:700)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:99)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:242)
at com.sun.identity.authentication.service.LoginState.getUserDomain(LoginState.java:1065)
at com.sun.identity.authentication.service.LoginState.createAuthContext(LoginState.java:1108)
at com.sun.identity.authentication.service.AuthUtils.getAuthContext(AuthUtils.java:310)
at com.sun.identity.authentication.service.AuthUtils.getAuthContext(AuthUtils.java:250)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:325)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
03/20/2006 03:05:40:760 PM MST: Thread[service-j2ee-1,5,main]
could not create SSOToken from HttpRequest
com.iplanet.dpro.session.SessionException: Invalid session ID.
at com.iplanet.dpro.session.Session.getSession(Session.java:700)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:99)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:242)
at com.sun.identity.authentication.service.AMLoginContext.processIndexType(AMLoginContext.java:1411)
at com.sun.identity.authentication.service.AMLoginContext.executeLogin(AMLoginContext.java:211)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:321)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:257)
at com.sun.identity.authentication.server.AuthContextLocal.login(AuthContextLocal.java:177)
at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:734)
at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:687)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:408)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
03/20/2006 03:05:45:604 PM MST: Thread[service-j2ee-3,5,main]
could not create SSOTOken for token ID AQIC5wM2LY4SfcxwMjkeu5nCkvTykKfesYTyhaYeoECCIyQ=@AAJTSQACMDE=#
com.iplanet.dpro.session.SessionException: Session state is invalid. AQIC5wM2LY4SfcxwMjkeu5nCkvTykKfesYTyhaYeoECCIyQ=@AAJTSQACMDE=#
at com.iplanet.dpro.session.Session.refresh(Session.java:1046)
at com.iplanet.dpro.session.Session.getSession(Session.java:725)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:169)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
at com.sun.identity.authentication.service.AuthUtils.getExistingValidSSOToken(AuthUtils.java:2735)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:288)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)
03/20/2006 03:05:45:604 PM MST: Thread[service-j2ee-3,5,main]
could not create SSOTOken for token ID AQIC5wM2LY4SfcxwMjkeu5nCkvTykKfesYTyhaYeoECCIyQ=@AAJTSQACMDE=#
com.iplanet.dpro.session.SessionException: Session state is invalid. AQIC5wM2LY4SfcxwMjkeu5nCkvTykKfesYTyhaYeoECCIyQ=@AAJTSQACMDE=#
at com.iplanet.dpro.session.Session.refresh(Session.java:1046)
at com.iplanet.dpro.session.Session.getSession(Session.java:725)
at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:169)
at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:305)
at com.sun.identity.authentication.service.AuthUtils.getOrigRedirectURL(AuthUtils.java:1443)
at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:293)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doPost(ApplicationServletBase.java:473)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:807)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:771)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:322)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580) -
I am running into an occasional session problem with one of my servlet applications. When this problem occurs, the HttpSession.setAttribute() method throws an IllegalStateException that the session has already been invalidated. My question is how do I handle this Exception. I would like to just give the user a new session. The req.getSession(true) is how I establish all my new sessions - but in rare cases this method is giving me an invalidated session. See the code snippet below:
public void service (HttpServletRequest req, HttpServletResponse res) {
HttpSession session = req.getSession(true);
try {
session.setAttribute("mykey", "myvalue");
catch (java.lang.IllegalStateException ex {
//help requested here...
//create new session and assign to ServletRequest or ServletResponse??
}Well, I don't think the sessions are not thread-safe, so if some other thread from some other request ends up invalidating the session, this could happen. It shouldn't happen normally, I would think. The session shouldn't invalidate itself after the service or doXXX methods are called. It would almost seem like it would happen by the user explicitly clicking a logout link before another request is completed.
-
Invalid Session ID - cookie encode/decode
Hello,
I'm looking for the correct combination of cookie encode/decode parameters for my own setup.
Machine am : AM Server 7.0 on WS6.1
Machine amc : my own webapps using AM client SDK & protected by a Policy agent. 2.2 Everything within a WS6.1 container.
After being redirected to AM, I obtain my iPlanetDirectoryPro cookie and my webapp can obtain a SSOToken using the SSOToken token = manager.createSSOToken(String) if obtain the String via Cookie accessor's method.
No luck with SSOToken token = manager.createSSOToken(HttpServletRequest) which always gives a Invalid Session Id message. I know that this is an encoding problem but I tried many combinations & heard that these settings are not always well documented. I have at the moment :
am server AMConfig.properties :
com.iplanet.am.cookie.encode=false
am client sdk AMConfig.properties :
com.iplanet.am.cookie.encode=false
policy agent AMAgent.properties :
com.sun.identity.agents.config.sso.decode = false
com.iplanet.am.cookie.encode = false
Has somebody worked that out ?
Thanks !
nieuwenjHi, am using this code:
AMUtil.java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.ChoiceCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import com.iplanet.am.util.Debug;
* @author hjimenez
public class AMUtil {
private String loginIndexName;
private String orgName;
private String user;
private String password;
* Creates a new instance of AMUtil
public AMUtil(String loginIndexName, String orgName) {
this.loginIndexName = loginIndexName;
this.orgName = orgName;
protected AuthContext getAuthContext()
throws AuthLoginException, com.iplanet.sso.SSOException, Exception {
AuthContext lc = new AuthContext(orgName);
AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
lc.login(indexType, loginIndexName);
debugMessage(loginIndexName + ": Se obtuvo login context");
return lc;
private void addLoginCallbackMessage(Callback[] callbacks)
throws UnsupportedCallbackException {
int i = 0;
try {
for (i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof TextOutputCallback) {
handleTextOutputCallback((TextOutputCallback)callbacks);
} else if (callbacks[i] instanceof NameCallback) {
handleNameCallback((NameCallback)callbacks[i]);
} else if (callbacks[i] instanceof PasswordCallback) {
handlePasswordCallback((PasswordCallback)callbacks[i]);
} else if (callbacks[i] instanceof TextInputCallback) {
handleTextInputCallback((TextInputCallback)callbacks[i]);
} else if (callbacks[i] instanceof ChoiceCallback) {
handleChoiceCallback((ChoiceCallback)callbacks[i]);
} catch (IOException e) {
e.printStackTrace();
throw new UnsupportedCallbackException(callbacks[i],e.getMessage());
private void handleTextOutputCallback(TextOutputCallback toc) {
debugMessage("Se ejecut� TextOutputCallback");
// Mostrar mensaje de acuerdo al tipo especificado
switch (toc.getMessageType()) {
case TextOutputCallback.INFORMATION:
debugMessage(toc.getMessage());
break;
case TextOutputCallback.ERROR:
debugMessage("ERROR: " + toc.getMessage());
break;
case TextOutputCallback.WARNING:
debugMessage("WARNING: " + toc.getMessage());
break;
default:
debugMessage("Tipo de mensaje no soportaado: " +
toc.getMessageType());
private void handleNameCallback(NameCallback nc)
throws IOException {
// asignar usuario
nc.setName(this.user);
private void handleTextInputCallback(TextInputCallback tic)
throws IOException {
// poner un prompt para obtener datos
System.out.print(tic.getPrompt());
System.out.flush();
tic.setText((new BufferedReader
(new InputStreamReader(System.in))).readLine());
private void handlePasswordCallback(PasswordCallback pc)
throws IOException {
// asignar password
String passwd = this.password;
pc.setPassword(passwd.toCharArray());
private void handleChoiceCallback(ChoiceCallback cc)
throws IOException {
// ignorar el valor default dado
System.out.print(cc.getPrompt());
String[] strChoices = cc.getChoices();
for (int j = 0; j < strChoices.length; j++) {
System.out.print("choice[" + j + "] : " + strChoices[j]);
System.out.flush();
cc.setSelectedIndex(Integer.parseInt((new BufferedReader
(new InputStreamReader(System.in))).readLine()));
public boolean login(AuthContext lc)
throws UnsupportedCallbackException {
boolean succeed = false;
Callback[] callbacks = null;
// obtener informaci�n del m�dulo solicitada
while (lc.hasMoreRequirements()) {
callbacks = lc.getRequirements();
if (callbacks != null) {
addLoginCallbackMessage(callbacks);
lc.submitRequirements(callbacks);
if (lc.getStatus() == AuthContext.Status.SUCCESS) {
System.out.println("Login exitoso.");
succeed = true;
} else if (lc.getStatus() == AuthContext.Status.FAILED) {
System.out.println("Login fallo.");
} else {
System.out.println("Estatus desconocido: " + lc.getStatus());
return succeed;
public void logout(AuthContext lc)
throws AuthLoginException {
lc.logout();
System.out.println("Log Out!!");
static void debugMessage(String msg) {
System.out.println(msg);
public String getUser() {
return user;
public void setUser(String user) {
this.user = user;
public String getPassword() {
return password;
public void setPassword(String password) {
this.password = password;
and call it from:
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.spi.AuthLoginException;
import javax.security.auth.callback.UnsupportedCallbackException;
import com.iplanet.sso.SSOException;
import java.net.InetAddress;
* @author hjimenez
public class TestLogin {
/** Creates a new instance of TestLogin */
public TestLogin() throws SSOException {
* @param args the command line arguments
public static void main(String[] args) {
try {
// arg0 = LDAP arg1 = tecnet
AMUtil login = new AMUtil(args[0], args[1]);
// arg2=usuario arg3=pass
login.setUser(args[2]);
login.setPassword(args[3]);
AuthContext lc = login.getAuthContext();
if (login.login(lc)) {
SSOToken token = lc.getSSOToken();
System.out.println("Token asignado: "+token.getTokenID().toString());
String host = token.getHostName();
java.security.Principal principal = token.getPrincipal();
String authType = token.getAuthType();
int level = token.getAuthLevel();
InetAddress ipAddress = token.getIPAddress();
long maxTime = token.getMaxSessionTime();
long idleTime = token.getIdleTime();
long maxIdleTime = token.getMaxIdleTime();
System.out.println("SSOToken host name: " + host);
System.out.println("SSOToken Principal name: " +
principal.getName());
System.out.println("Authentication type used: " + authType);
System.out.println("IPAddress of the host: " +
ipAddress.getHostAddress());
login.logout(lc);
} catch (AuthLoginException e) {
e.printStackTrace();
} catch (UnsupportedCallbackException e) {
e.printStackTrace();
} catch (SSOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace(); -
I have an application which is configured with SSO, but I am not able to understand how can I logout from the session.
can anyone please help me out with this issue.
Thanks,
OrtonAre the pages in different webapps? In Tomcat, for example, you'll have one session per webapp. Invalidating the session for one webapp won't invalidate a session for another webapp.
This is handled by Tomcat's Single-Sign On valve (this needs to be configured in TOMCAT/conf/server.xml). -
Could not deserialize session data, java.io.InvalidClassException
Whenever I click on logout link from Liferay(Which deployed as application on Weblogic 10.3),It shows below Exception in the console however i am able to logout sucessfully.
Could not deserialize session data.
java.io.InvalidClassException: org.hibernate.proxy.pojo.javassist.SerializableProxy; local class incompatible: stream classdesc serialVersionUID = 1180036893511205383, local class serialVersionUID = -2265249369383210104 at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:560)
It seems to be Classpath polluted with different hibernate jars.But still not able to figure it out.Below is the jar files which i have in classpath.
hibernate-annotations.jar
hibernate-commons-annotations.jar
hibernate-core.jar
hibernate3.jar
Application Server: Weblogic 10.3
Any Help would be much appreciated.Sounds like you have two different versions of a class in the two applications.
If you change a class implementation and recompile - the updated class gets a new UID. Looks like maybe one app has a jar with the older class and the other app has a jar with the new class. -
Invalid session : connecting from developer 6i to sql server 2000
Hi ,
I am facing the following problem for connecting to sql server
2000 from oracle forms 6i.
Oracle developer 6i(form builder 6.0.8.11.3)
sql server 2000
o/s windows 2000 server
plus80.exe <username>/<password>@odbc:<dsn_name>
SQL*Plus: Release 8.0.6.0.0 - Production on Tue Oct 24 17:36:56
2000
(c) Copyright 1999 Oracle Corporation. All rights reserved.
ORA-00022: invalid session id; access denied
ORA-00022: invalid session id; access denied
ORA-00022: invalid session id; access denied
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
Server not available or version too low for this feature
ORA-00022: invalid session id; access denied
Connected to:
Oracle Open Client Adapter for ODBC 6.0.5.29.0
Microsoft SQL Server 08.00.0194
SQL>
pls help
Thanks in advance
YogeshHello ,
this forum must have a attachment option , so it very easy for others to update their development
Now how can i paste the procedure it have 6 - 8 pages and when i paste it, the words merge or join with others word, it become very difficult to read,,
anyhow
mail me i send the document
[email protected] -
Bea.jolt.ServiceException: Invalid Session
Good day to all!
I know that this is common problem, but if you kindly point me in the right direction, that would be more appreciated. I am currently running PT8.50 HRMS 9.1 DMO on Windows 7. The PIA is giving this error:
CHECK APPSERVER LOGS. THE SITE BOOTED WITH INTERNAL DEFAULT SETTINGS, BECAUSE OF: bea.jolt.ServiceException: Invalid Session
When logging in, I get that the app server is down. I am in familiar with why I see app server is down. I also believe that I understand why I am getting the above error. During installation, I put my own password for PTWEBSERVER as oppose to the default. I thought I updated the password with the default, but doesn't seem to work.
I also understand to check the appserver logs, but I am not familiar where it is located, so if 'I could get the location of these logs, I will post the log and that would confirm if it is a password issue, or not.
And if I need to uninstall and reinstall PIA, please tell me what I should do there. Thank you and Be BlessedThank you for that helpful tip. I misunderstood Bob's post then. I though the updating was only if the acct was locked (which it wasn't because I checked). In any rate, I did rerun the script and the script was successful. Just to be sure, I logged into datamover via bootstrap mode and just typed in exactly the command that was given. I didn't miss anything I am assuming correct?
I am still getting the same error message, even after updating the password. Here is the log, maybe this will help. Be Blessed
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "DefaultSecure[7]" is now listening on 0:0:0:0:0:0:0:1:443 for protocols iiops, t3s, ldaps, https.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "Default[4]" is now listening on fe80:0:0:0:0:100:7f:fffe:80 for protocols iiop, t3, ldap, snmp, http.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "Default[7]" is now listening on 0:0:0:0:0:0:0:1:80 for protocols iiop, t3, ldap, snmp, http.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "Default[3]" is now listening on fe80:0:0:0:1975:e9d2:ad58:81a3:80 for protocols iiop, t3, ldap, snmp, http.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "DefaultSecure" is now listening on 10.10.10.10:443 for protocols iiops, t3s, ldaps, https.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "DefaultSecure[5]" is now listening on fe80:0:0:0:741d:f596:ab4:94cd:443 for protocols iiops, t3s, ldaps, https.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "Default[5]" is now listening on fe80:0:0:0:741d:f596:ab4:94cd:80 for protocols iiop, t3, ldap, snmp, http.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <Server> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-002613> <Channel "Default[2]" is now listening on fe80:0:0:0:818a:caaf:319d:8d73:80 for protocols iiop, t3, ldap, snmp, http.>
####<Nov 17, 2010 12:55:52 PM CST> <Notice> <WebLogicServer> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152368> <BEA-000329> <Started WebLogic Admin Server "PIA" for domain "INNOVATI" running in Production Mode>
####<Nov 17, 2010 12:55:52 PM CST> <Warning> <Server> <Kelvin> <PIA> <DynamicSSLListenThread[DefaultSecure]> <<WLS Kernel>> <> <> <1290020152368> <BEA-002611> <Hostname "Kelvin", maps to multiple IP addresses: 10.10.10.10, fe80:0:0:0:ad0e:4847:e1ac:9d13%23>
####<Nov 17, 2010 12:55:52 PM CST> <Info> <EJB> <Kelvin> <PIA> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020152977> <BEA-010008> <EJB Deploying file: mejb.jar>
####<Nov 17, 2010 12:55:55 PM CST> <Notice> <WebLogicServer> <Kelvin> <PIA> <Main Thread> <<WLS Kernel>> <> <> <1290020155629> <BEA-000365> <Server state changed to RUNNING>
####<Nov 17, 2010 12:55:57 PM CST> <Notice> <WebLogicServer> <Kelvin> <PIA> <Main Thread> <<WLS Kernel>> <> <> <1290020157204> <BEA-000360> <Server started in RUNNING mode>
####<Nov 17, 2010 12:56:06 PM CST> <Info> <EJB> <Kelvin> <PIA> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1290020166611> <BEA-010009> <EJB Deployed EJB with JNDI name ejb.mgmt.MEJB.>
####<Nov 17, 2010 1:35:20 PM CST> <Info> <ServletContext-> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1290022520267> <BEA-000000> <ERROR: WebProfile loading internal default settings because of an Exception while communicating with "kelvin:9000">
####<Nov 17, 2010 1:35:33 PM CST> <Info> <ServletContext-> <Kelvin> <PIA> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1290022533121> <BEA-000000> <ERROR: WebProfile loading internal default settings because of an Exception while communicating with "kelvin:9000">
Edited by: 792295 on Nov 17, 2010 11:41 AM -
Invalid session id when logging in after logging out.(Stale session token?)
When I logout and then login again I get an exception in the agent debug log which seems to indicate that it is trying to use the old session token. The agent is correctly seeing the logout event and redirecting to the logout page and then to the login page. Am I missing something from my cookie rest values? What values should I have there?
amFilter:07/29/2009 04:06:23:141 PM EDT: Thread[WebContainer : 6,5,main]
WARNING: {color:#ff0000}SSOTokenValidator.validate():{color} Exception caught: AQIC5wM2LY4Sfcxv06BBMMZtbjHlFhrdIBTHWoP23atm718=@AAJTSQACMDE=#
{color:#ff0000}Invalid session ID{color}.AQIC5wM2LY4Sfcxv06BBMMZtbjHlFhrdIBTHWoP23atm718=@AAJTSQACMDE=#If you are being redirected to /amserver/UI/Logout the ssotoken id cookie should have been erased. Check that, and check in amFilter log what value of ssotoken id cookie in the request. It should change if you go to Logout then Login.
Please provide more detailed information of the environment and behaviour. -
Invalid session error when trying to transfer line items to shopping basket
Hi All,
I have a requirement in E-Commerce application.
when a user searches for a product in B2B webshop in 'products' tab in left frame, search results table get displayed which will have a shopping basket icon for each line item.
There we can transfer only a single item to shopping basket.
if we want to transfer more than one item, again shopping basket icon has to be clicked..
Now my requirement is that I have to add check boxes before each line item and a button below the results table ,so that when it is cliked, all the checked items should move to shopping basket in a shot.
I added a button and called '/catalog/updateitems.do' (onclick of buttton) which is the action called when 'transferselection' button in 'productISA.jsp' is clicked.
Now I am getting an error saying 'Invalid session' when that button is clicked. I am not able to guess the reason.
And also I want to ask experts, is this the correct way of proceeding for the requirement ?
I am new to E-Commerce and any pointers in this regard will be of great help.
Thanks,
Anasuya.Hello Anasuya,
Any reason why Catalog is not used but "Product" search list is used in the process? Catalog gives a more organized way of displaying and searching capabilities and makes the buying experience simple. Product search is a convenience tool for power users when you know the product.
Without major UI changes - like de-framing, the use of Product search for "Add to Cart" of all "selected" products from search list will not excite the end users. Catalog is a powerful tool that is available to you. Unless you have a strong business reason, it is better to use the features the way they are intended. You need to go back to the drawing board with your customer.
Anyway, I am assuming that you are doing a POC. I will give the same help I provided for your previous message on a similar topic. Re: Null poiner exception when trying to store extension data in existing BO. We need to understand the basics of Servlet / JSP. Just adding any action (calling servlet) from any page (JSP) may not help. We must understand that the action (servlet) may be expecting many values in the request context which is available in the page (JSP) it was placed in. If that action is blindly placed in another page, it is highly unlikely that it will work, unless, you also took the pain to provide the servlet behind that action with the data it is expecting. So, adding the action from _'productsISA.jsp' _ in organizer-content-product-search1.jsp will have bad results. If you have done the required changes to the JSP, then let us know the changes you have done to really understand the issue.
If you have not done so, here is what you can do for the POC. If you look at the JSP organizer-content-product-search1.jsp, it doesn't have any useful <INPUT tags that would pass on the Product data to the servlet. So
Surround the product (tech key) with <Input tag. (Hint: see productISA.jsp)
I am sure you already have this for the quantity1 and the new checkbox.
Add a button to a custom action.
inside the custom action read all the items and create a simple Java List of BasketTransferItem. Use BasketTransferItemImpl to actually use the instance.
Use methods setProductKey(String techKey), setQuantity(String quantity) and if you know the UoM use setUnit(String unit) to set the BasketTransferItemImpl object.
Add each instance of BasketTransferItem to the java List.
Now, place this list object in the request context under the attribute name baskettransferitemlist.
On success forward to "addtodocument"
Make proper changes to config.xml
I hope this will work without much changes.
(Note: This is not a cake served in a plate, but just a tested recipe for the cake. Please cook it nicely. If you need the cake immediately, then hire a Chef! - )
Easwar Ram
http://www.parxlns.com -
ORA-22: invalid session id;access denied
Hi,
I am getting the error: ORA-22: invalid session id;access denied when i switch responsability in fron end;
How to solve this anyone have any idea...
Thanks,
krWhat is the application release?
Was this working before? If yes, what changes have you done recently?
Try to regenerate the forms and relink the application executable files via adadmin, bounce the application services, and check then.
[Note: 150860.1 - ORA-1001 and ORA-22 Navigating in Forms or Switching Responsibility|https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=150860.1] -
"Could not deserialize session data" error during sign out
Hello,
I have an application deployed on WLS 8.1, one instance, no clustering. The application EAR contains 1 web module and 2 ejb modules. When I try to sign out(I use Single Sign-On for Multiple Applications - a sign out application deployed separately) I receive the attached error.
Notes: my session is serializable - I did a test that serialize and deserialize the session and I have no errors.
Q: Why does WLS try to deserialize the session data during sign out? I don't use any session persistance/replication.
The error ClassNotFoundException from my point of view is normal: UsersTableModel(from web modile) is not visible from the Application Classloader.
Here is the error:
<> <BEA-100028> <Could not deserialize session data.
java.lang.ClassNotFoundException: xxx.controller.actions.UsersTableModel: This error could indicate that a component was deployed on a cluster member but not other members of that cluster. Make sure that any component deployed on a server that is part of a cluster is also deployed on all other members of that cluster
at weblogic.j2ee.ApplicationManager.loadClass(Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;Ljava.lang.ClassLoader;Z)Ljava.lang.Class;(ApplicationManager.java:344)
at weblogic.j2ee.ApplicationManager.loadClass(Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;Ljava.lang.ClassLoader;)Ljava.lang.Class;(ApplicationManager.java:258)
at weblogic.j2ee.ApplicationManager.loadClass(Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;)Ljava.lang.Class;(ApplicationManager.java:253)
at weblogic.j2ee.ApplicationManager.loadClass(Ljava.lang.String;Ljava.lang.String;)Ljava.lang.Class;(ApplicationManager.java:216)
at weblogic.common.internal.WLObjectInputStream.resolveClass(Ljava.io.ObjectStreamClass;)Ljava.lang.Class;(WLObjectInputStream.java:48)
at java.io.ObjectInputStream.readNonProxyDesc(Z)Ljava.io.ObjectStreamClass;(Unknown Source)
at java.io.ObjectInputStream.readClassDesc(Z)Ljava.io.ObjectStreamClass;(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Z)Ljava.lang.Object;(Unknown Source)
at java.io.ObjectInputStream.readObject0(Z)Ljava.lang.Object;(Unknown Source)
at java.io.ObjectInputStream.readObject()Ljava.lang.Object;(Unknown Source)
at weblogic.servlet.internal.AttributeWrapper.convertBytesToObject([B)Ljava.lang.Object;(AttributeWrapper.java:173)
at weblogic.servlet.internal.AttributeWrapper.getObject(Z)Ljava.lang.Object;(AttributeWrapper.java:114)
at weblogic.servlet.internal.AttributeWrapper.getObject()Ljava.lang.Object;(AttributeWrapper.java:69)
at weblogic.servlet.internal.session.SessionData.removeAttribute(Ljava.lang.String;Z)Ljava.lang.Object;(SessionData.java:614)
at weblogic.servlet.internal.session.SessionData.removeAttribute(Ljava.lang.String;)V(SessionData.java:596)
at weblogic.servlet.internal.session.SessionData.remove()V(SessionData.java:808)
at weblogic.servlet.internal.session.MemorySessionContext.invalidateSession(Lweblogic.servlet.internal.session.SessionData;)Z(MemorySessionContext.java:69)
at weblogic.servlet.internal.session.SessionData.invalidate()V(SessionData.java:750)
at weblogic.servlet.security.ServletAuthentication.invalidateAll(Ljavax.servlet.http.HttpServletRequest;)Z(ServletAuthentication.java:184)
at xxx.framework.authentication.WebAuthenticationHelper.invalidateSessions(Ljavax.servlet.http.HttpServletRequest;)V(WebAuthenticationHelper.java:574)
at xxx.framework.authentication.WebAuthenticationHelper.closeSession(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(WebAuthenticationHelper.java:523)
at xxx.framework.authentication.WebAuthenticationHelper.logout(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(WebAuthenticationHelper.java:250)
at xxx.yyy.ViewDispatcher.process(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ViewDispatcher.java:75)
at xxx.yyy.ViewDispatcher.doGet(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(ViewDispatcher.java:42)
at javax.servlet.http.HttpServlet.service(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)V(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run()Ljava.lang.Object;(ServletStubImpl.java:996)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;Lweblogic.servlet.internal.FilterChainImpl;)V(ServletStubImpl.java:419)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(Ljavax.servlet.ServletRequest;Ljavax.servlet.ServletResponse;)V(ServletStubImpl.java:315)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run()Ljava.lang.Object;(WebAppServletContext.java:6452)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Lweblogic.security.subject.AbstractSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Lweblogic.security.acl.internal.AuthenticatedSubject;Lweblogic.security.acl.internal.AuthenticatedSubject;Ljava.security.PrivilegedAction;)Ljava.lang.Object;(SecurityManager.java:118)
Edited by: user11291053 on 22-Jun-2009 02:52
Edited by: user11291053 on 22-Jun-2009 03:01
Edited by: user11291053 on 23-Jun-2009 01:42When OptimisticSerialization is turned on, WebLogic server does not serialize-deserialize context and request attributes upon getAttribute(name) when a request gets dispatched across servlet contexts. This means you will need to make sure that the attributes common to Web applications are scoped to a common parent classloader (they are application-scoped) or placed in the system classpath if the two Web applications do not belong to the same application.
When OptimisticSerialization is turned off (which is the default) WebLogic Server does serialize-deserialize context and request attributes upon getAttribute(name) to avoid the possibility of ClassCastExceptions. The value of OptimisticSerialization can also be overridden for specific Web applications by setting the optimistic-serialization value in weblogic.xml.
[http://edocs.bea.com/wls/docs100/ConsoleHelp/pagehelp/Corecoredomaindomainconfigwebapptitle.html]
[http://e-docs.bea.com/wls/docs90/webapp/weblogic_xml.html#1067857]
I hope this helps :) -
Hi
I get the problem like this....
"invalid session
you have tried to use a WWW session that has already been terminated. You should restart your session. If the problem persists you should close your world wide web browser and open it again."
What would be the remedy for this? Thanks.Swarna,
It seems that your session gets expierd.
This happens after how much time (after opening a new session) ?
Delete all cookies / history / temp data / cache from your browser,
Try with Firefox and IE both, if the problem is same in both then the problem is with your ITS configurations else it is with one of the browser.
It may also happen that your browser is set not to accept cookie or cookies are expiring immediately, check out these settings.
Try increasing time out time for ITS of it is not set to a proper value.
Regards,
Yogesh... -
WIH 00013: Invalid session
I have a prompt for channel in a report. There can be 5-6 channels. When I am running the report selecting just one channel, the report is refreshing fine. But when I am running for all channels, the report is giving an error: Invalid session. WIH 00013.
The report does not run more than 3 min.
Pls assistMay be you can try this to increase the session time,
Go to Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 12.0\CMS\Instances\cmsname.cms,
Change IdleSessionTimeout=2700000
Modify the value at
HKEY_LOCAL_MACHINE\SOFTWARE\BusinessObjects\Suite 12.0\default\WebIntelligence\Server\Admin\SwapTimeOut to 2700000.(Only if WebIntelligence reports timeout)
If you are using IIS then,
Right-click default website --> properties
Go to the Home Directory tab and click on Configuration
Change the Session Timeout to 45 minutes
Right click the BOBJAppPool121 Application Pool --> Properties
Go to the performance tab and change the idle timeout to 45 --> Click OK
Right click the DefaultAppPool Application Pool --> Properties
Go to the performance tab and change the idle timeout to 45 --> Click OK
and then Restart IIS
Maybe you are looking for
-
Creation of new freight line in PO
Hi Everyone, Could you please guide me about the following query: In a PO, suppose we have done GR once and then cancelled the GR, in that case can we add a new freight line (previously there was no freight component added with the item) in the PO fo
-
Which Apple ID should I use for iCloud?
I'm thinking of signing up for iCloud. I have 2 Apple IDs. I have an iTunes @Mac.com and Mobile me @me.com. If I use the @me.com will I still be able to synch my iTunes across all of my devices. I would appreciate some advice.
-
Logic 8 seems not be using both cores??
I've been a lot of System Overload messages so I started monitoring the CPU usage and I've noticed that Logic is only using one core. When that maxes out I get the message. I've done all the things I should be doing (freezing tracks, raising the I/O
-
Please help with this. There is a box in the upper right corner that has 3 circles inside it. It is gray and white until you touch it then it gets black. I can't swipe the screen in any direction. When I touch an app it gets a black box around it
-
All folders stay to the right on the screen, I would like to move folders around
all folders stay to the right on the screen, I would like to move folders around