Missing session variables and multiple CFID/CFTOKEN
We are using ColdFusion 9.0.1 and have recently started to experience some sporadic behavior in our applications. These applications have worked without error for over 6+ years and have not been modified during this time.
Over the past couple of weeks, we have been receiving calls in regards to users not being able to login and receiving errors when performing various actions. We have put troubleshooting measures in place that display values when this occurs.
We have noticed that when the errors occur, there are multiple CFID/CFTOKEN COOKIE values. Additionally, session variables are being dropped (during simple tasks such as going from one screen to the next). These errors do not occur for the majority of users and have primarily occurred in Internet Explorer, but we have had some instances in other browsers. In most instances, if the user switches browsers, the same application works fine for them.
In one particular case, we have a <cfif> tag in the application.cfm file that checks for “session.user_id”. If it doesn’t exist, the user is directed to a login page using the <cflocation> tag. When experiencing the problem, users are continuously going back to the login screen because the system is saying that the session variable does not exist.
When working with one user who was experiencing this problem, we were able to remedy the problem by adding “addtoken=’yes’” to the cflocation tag. ** We do not prefer to do this for security reasons.
Rather than go through each application and try to “band-aid” each instance that occurs, can anybody offer some suggestions on why this behavior recently began and how we may be able to globally address it?
My immediate guess is that there is faulty logic in the code that updates the value of session.user_id. Apparently, one of the following scenarios might be happening.
Coldfusion creates a session, X, say. Session.user_id is as yet undefined, so ColdFusion cflocates the user to the login page. The user logs in, still within session X. His session.user_id is set.
Suppose, for whatever reason (and I know of at least two), the session drops. The user's very next request will make ColdFusion to create a new session, Y, say. Under session Y, the variable session.user_id, which corresponded to session X, will no longer exist. So ColdFusion cflocates the user to the login page. This cycle will of course repeat if left uncorrected.
Another possible scenario is that the variable session.user_id is not set at all, or is set in the context of a new session. I am assuming that the login page is a form. Then login validation occurs at the action page of the form. Presumably the variable session.user_id is set at this action page. If so, then perhaps ColdFusion fails to set this variable, or a new session is created as the request goes from the login-form page to the action page.
The 2 main reasons why a session drops are 1) it times out, 2) a new request starts a new session. Hence the following suggestions.
1) Is your sessionTimeout value low, say, just a few minutes? If so, increase it to 20 minutes.
2) Remember that the default behaviour of ColdFusion is to start a new session at every request. Use cflogin and cfloginuser together with loginStorage="session". Cflogin executes only if there is no logged in user, irrespective of the session. Therefore, getAuthUser() is a better authentication test than session.user_id.
3) Use Application.cfc in place of Application.cfm. In particular, the CFC offers you more fine-grained control over the beginning and end of sessions.
Similar Messages
-
Session variable and initialization block issues
We are using OBIEE 10.1.3.3 and utilizes built in security features. (No LDAP or other single sign on). The user or group names are not stored in any external table. I have a need to supplement Group info of the user to the usage tracking we implemented recently as the NQ_LOGIN_GROUP.RESP column contains username instead of group name. So I created a session variable and associated with a new initialization block and also had a junk default value set to the variable. In the initialization block, I wrote the following query and as a result it inserted correct values into the table when the TEST button was clicked from the initialization block form.
insert into stra_login_data (username, groupname, login_time) values ('VALUEOF(NQ_SESSION.USER)', 'VALUEOF(NQ_SESSION.GROUP)', SYSDATE)
My intention is to make this execute whenever any user logs on. The nqserver.log reports the following error and it doesn?t insert values into the table.
[nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
[nQSError: 23006] The session variable, NQ_SESSION.USER, has no value definition.
[nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
[nQSError: 23006] The session variable, NQ_SESSION.GROUP, has no value definition.
When I changed the insert statement as below, this does get populated whenever someone logs in. But I need the values of GROUP associated with the user as defined in the repository.
insert into stra_login_data (username, groupname, login_time) values ('TEST_USER', TEST_GROUP', SYSDATE)
Could someone help me out! As I mentioned above, I need the GROUP info into the usage tracking. So, if there is another successful approach, could you please share?
Thank you
AminHi Amin,
See [this thread|http://forums.oracle.com/forums/thread.jspa?messageID=3376946�]. You can't use the GROUP session variable in an Init Block unless it has been seeded from an Init Block first. There isn't an easy solution for what you want, but here are some options:
1) Create a copy of your User => Groups assignments in your RPD in an table so you can use it in your Usage Tracking Subject Area. But this means you will have to replicate the changes in two places so it's not a good solution.
2) As the GROUP session variable is populated when you login you could theoretically use it a Dashboard and pass it a parameter to write the value to the database. But as I am not sure how can you make fire only once when the user logins it sounds like a bad idea.
3) Move your User => Groups assignments from your RPD to a DB table. Use OBIEE Write Back or something like Oracle APEX to maintain them.
I think 3) is the best solution to be honest. -
Session variable and Tracking in Header file
Is there a way for me to keep track of the session and use a variable in my Header to pass around for this?
I have a login.jsp, validate_login.jsp and other jsp's that have the same header file. Instead of me using the same code in all of the jsp's I thought it would be easier to put it in the header Please look at the example code below:
// validate_login.jsp is passed username and password from the login.jsp.
// validate_login then calls the logIn method in my Session class.
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="uom.edu.rd.session.Session"%>
<html>
<head><title>Validate Login</title></head>
<body>
<jsp:include page="header.jsp" />
<%
String username = request.getParameter("username");
String password = request.getParameter("password");
this_session.logIn(username, password);
boolean b = this_session.getLoggedIn();
%>
==================================================================
// The logIn method in Session class
public void logIn(String userName, String password) {
Connection con = null;
Statement stmt = null;
ResultSet rs = null;
try{
con = db.getConnection();
stmt = con.createStatement();
String sql = "SELECT * FROM RD_USER WHERE USER_NAME = '" + userName +"' AND USER_PASSWORD = '" + password + "'";
rs = stmt.executeQuery(sql);
if(rs.next()){
loggedIn=true;
}else{
loggedIn=false;
catch(Exception e){
// If something goes wrong, make sure
// the user is not logged in.
loggedIn=false;
}finally{
try{
rs.close();
stmt.close();
con.close();
}catch(Exception e){
* Log the user out.
public void logOut() {
loggedIn = false;
* Get the login status.
* @return boolean
public boolean getLoggedIn() {
return loggedIn;
==================================================================
// and this is part of my header.jsp
<%@page import="uom.edu.rd.session.Session"%>
<%
Session this_session = Session.findSession(request);
if ( this_session==null ) {
/* Now, instead of redirecting, create a new Session
* object and initialize it.
this_session = new Session();
this_session.makeSession(request);
this_session.createQueryBuilder(config);
%>
// This is the part I would like to pass around
<!-- Session logged_in = new Session(); -->
<%
boolean loggedIn = this_session.getLoggedIn();
if (loggedIn == false)
{ %>
<A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./login.jsp"><FONT COLOR="#FFFFFF">LOG IN</font></a> <FONT COLOR="#FFFFFF"></font>
<% } else { %>
<A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./logout.jsp"><FONT COLOR="#FFFFFF">LOG OUT</font></a> <FONT COLOR="#FFFFFF"></font>
<% }
%>
// so if you are logged in then you are able to view certain things on the jsp's if you are not logged in
// then of course you cannot. I want to pass around this loggedIn variable to all the jsp's
// after it checks loggIn Status for each page I have tried running this but I keep getting an error: cannot resolve symbol this_sessionUse <%@ include file="header.jsp" %> instead
-
Session variable and script error
Hello;
I am still writting this script that turns a bg sound on and
aff for the whole site to remember. I have a good start on this
code, but I am running into issues.
1. I am trying to use a checkbox to make the selection, and
when it is clicked, it will function without using a submit button,
the java script I am using isn't doing the job allowing the
checkbox to act as a link so to speak.
2. I need to make this script into a session variable. So
that when the decision is made, the site will remember it.
3. there might be a problem in my IF statement.
Can someone please help me out? I am attaching the code. It
is using a DB that has a yes/no box in the table this sound code is
accessing.
Thank you.
PhoenixA Quess...
Remove the OnClick in the form
<form onClick="category.submit();">
Place it in the input type?
<input type="checkbox"
onClick="category.submit();"> -
Help building an object, setting it in a session variable and casting
Hi all,
I have a problem that I hope you can help me with. The application I am working on has a simple MVC design architecture. The problem occurs when a request is made from the application to the controller servlet. The controller servlet looks at the request type and delegates the processing to the appropriate action and model classes. The model class returns an object of a specific class type that is put into the session variable. This session variable is then cast to the appropriate class type in the jsp that renders that class. The problem is that this particular class type has an array of another class type. The array is filled in the class constructor, but is null when returned to the controller.
At run time when accessing the array I get a NullPointerException error. I can't seem to figure this one out. Any help is greatly appreciated.
Here's the code:
Controller DoPost method. The 'Action' objects are defined and initialized in the init() method.
public void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException{
try {
HttpSession session = request.getSession();
MemberProfileTbl memProf = (MemberProfileTbl)session.getAttribute("Member");
RequestDispatcher rd;
if (!validateUser(memProf, session)){
session.setAttribute("LoginStatus", "Session Expired");
rd = getServletContext().getRequestDispatcher("/LoginFail.jsp");
rd.forward(request, response);
return;
String act = getAction(request);
Action action = (Action)actions.get(act);
Object result = null;
try {
result = action.perform(request, memProf);
}catch (NullPointerException npx) {
npx.printStackTrace();
session.setAttribute("currObject", result);
rd = getServletContext().getRequestDispatcher("/test/MemberConsole.jsp");
rd.forward(request, response);
catch (Exception ex){
ex.printStackTrace();
Action class:
package accolo.actions;
import javax.servlet.http.*;
import accolo.model .*;
import accolo.view.*;
import accolo.db.MemberProfileTbl;
public class ChangeMainView extends Action {
public String getName() {return "changeMainView";}
public Object perform(HttpServletRequest request, MemberProfileTbl memProf)
throws Exception, ClassNotFoundException, InstantiationException, IllegalAccessException{
Object result;
HMMainView hmMain = new HMMainView(memProf.email);
result = hmMain;
return result;
HMMainView.java class
public class HMMainView
private HMMainViewJob[] jobs;
public String test;
public HMMainView(String email)
HMJobsBean hmJobsBean = new HMJobsBean();
JobTblDao jobTblDao = new JobTblDao();
test = "test in constructor";
try{
JobTbl[] hmJobs = jobTblDao.getHMOpenJobs(email);
for(int j = 0; j < hmJobs.length; j++){
this.jobs[j].jobTitle = hmJobs[j].optionalTitle;
this.jobs[j].city = hmJobs[j].city;
this.jobs[j].state = hmJobsBean.getState(hmJobs[j].zipCode);
Hashtable counts = hmJobsBean.getJSCountsByStatus(hmJobs[j].jobId);
this.jobs[j].unranked = (String)counts.get("CANUNRANKED");
this.jobs[j].interviews = (String)counts.get("HMRI");
this.jobs[j].ranked = (String)counts.get("CANRANKED");
long closed = Long.parseLong((String)counts.get("HMRNI"));
closed += Long.parseLong((String)counts.get("HMCH"));
closed += Long.parseLong((String)counts.get("HMNH"));
this.jobs[j].closed = Long.toString(closed);
}catch(Exception ex){
ex.printStackTrace();
public HMMainViewJob[] getJobs(){ return jobs; }
HMMainViewJob.java class
package accolo.model;
public class HMMainViewJob
public long jobId;
public String jobTitle;
public String status_id;
public String city;
public String state;
public String unranked;
public String interviews;
public String ranked;
public String closed;
public HMMainViewJob()
Snippet of JSP that uses the code
Object result = session.getAttribute("currObject");
if (result != null){
String className = result.getClass().getName();
if (className.equals("accolo.model.HMMainView")){
header = "HM/HMConsoleHeader.jsp";
subNav = "HM/HMConsoleSubNav.jsp";
user = "HM/HMConsoleUser.jsp";
left = "HM/HMConsoleLeft.jsp";
// body = "HM/HMConsoleHome.jsp";
HMMainView hmMain = (HMMainView) result;
HMMainViewJob[] jobs = hmMain.getJobs();
for (int i = 0; i < jobs.length; i++){
%>
Jobs: <%=jobs.jobTitle%>
<%I have not run this through a debugger yet. I don't have immediate access to a debugger to run it through, most of the development is simply done in vi. I was hoping any problem in the code would jump out at someone. I've been staring at it too long.
I'll try to get a debugger set up.
Thanks -
Question about session variables and binding
Hi All,
I'm a newbie with Application Express. I've gone through several tutorials and a book, and now I'm actually getting started with apex. My first adventure is a tiny little form, where all you do is fill it out and it sends an email. Pretty simple.
And, i have it working just fine - but I have a question about something I don't quite understand. Basically, I am generating the email text in a page process. And some of the form fields work fine if i reference them as *:ACCT_NAME*, but some give me the dreaded "not all variables bound" error. For the ones that give me the error, I can reference them like V('ACCT_NAME').
So, as a newbie, I'm a little confused. When is it appropriate to use the V function, and when it is appropriate to use binding? Why would one of the fields work with binding but not another from the same form?
Thanks for any clarification you can offer,
LisaLisa,
A bind variable is a place holder variable available in an environment.It is used quite frequently(outside Apex Context) in SQL and PLSQL scripts and especially in Dynamic SQL statements.Many times using a bind variable gives better performance. In the Apex environment,page items and many other variables related to the session are available as bind variables and hence their value can be referred in SQL,PLSQL contexts as :VARIABLE_NAME.
Now V() function is an apex specific function which returns the value of an apex session variable outside the apex environment. So as Machaan pointed out, it is used in
procedures and triggers that gets called from within an apex session. This is required since the bind variables themselves are not directly available in the SQL environment but their values from the corresponding session can be accessed by this apex built-in function.
The length of any Bind variable name is limited to 30 characters, this is a limitation inherited from Oracle SQL itself and hence session variables(page or application items) whose name has a length which exceeds 30 characters cannot be used as the :ITEM_NAME format. In such cases you would have to use the v() method again. This might be happening in your case. -
Missing Session Variable After Redirect
For some reason my session variable has suddenly stopped
storing across my redirect. Can anyone please tell me what's going
on?Ha ha, how lame of me. My issue had nothing to do with the
code above. There was an error following this code on the landing
page which was being caught. A full two days of stressing because a
variable was named instance.ven_address1 instead of
instance.ven_address. YES, one character in a maze of code.
LMAO!! -
Issue with hierarchy node variable and multiple SAP hierarchies
Hello experts,
We are currently facing an issue when using two SAP hierarchies in Web Intelligence and one of them is restricted with a hierarchy node variable.
The systems we use are a SAP BI 7.01 (SPS 05) and a Business Objects Enterprise XI R3.1 SP2 (fix pack 2.3). I want also to point out that the fix pack 2.3 has been applied to all BOE related components: the SAP integration Kit, client tools, and enterprise (server and client).
The universe used in our scenario is based on a BEX Query with two hierarchies (non-time dependent hierarchies, intervals allowed) loaded on their corresponding characteristics. One of these characteristics is restricted with a hierarchy node variable (manual input, optional, ready for input, multiple single values allowed).
Prerequisites for replicating the problem:
1) When building the web intelligence query select several levels from both hierarchies (they have seven levels each) and the only amount of the InfoCube that the BEX query (that was used to create our universe) relies on.
2) In the hierarchy node variable prompt select a hierarchy node entry (not an actual InfoObject value that exists as transactional data in the InfoCube )
By executing the query built above, all characteristics are returned null (no value) and the key figure with value u201C0u201D. No error messages, no partial results warnings. Now if we go back to u201CEdit queryu201D and select levels of only one of any of the two hierarchies the query runs normally (by selecting the exact same value for the hierarchy node variable prompt).
Any ideas on the matter?
Regards,
GiorgosHi,
Have you ever got a solution for this problem?
I have a similar one.
Thanks,
regards, Heike -
Javacard and session variables
Hello,
I'm trying to find a reasonable Javacard technique to handle "session variables" that must be kept between successive APDUs, but must be re-initialized on each card reset (and/or each time the application is selected); e.g. currently selected file, currently selected record, current session key, has the user PIN been verified...
Such variables are best held in RAM, since changing permanent (EEPROM or Flash) variables is so slow (and in the long run limiting the operational life of the card).
Examples in the Java Card Kit 2.2.2 (e.g. JavaPurseCrypto.java) manipulate session variables in the following way:
1) The programmers group session variables of basic type (Short, Byte, Boolean) according to type, and map each such variable at an explicit index of a vector (one per basic type used as session variable).
2) At install() time, each such vector, and each vector session variable, is explicitly allocated as a transient object, and this object is stored in a field of the application (in permanent memory), where it remains across resets.
3) Each use of a session variable of basic type is explicitly translated by the programmer into using the appropriately numbered element of the appropriate vector.
4) Vector session variables require no further syntactic juggling, but eat up an object descriptor worth of permanent data memory (EEPROM or Flash), and a function call + object affectation worth of applet-storage memory (EEPROM, Flash or ROM).
The preparatory phase goes:
public class MyApp extends Applet {
// transientShorts array indices
final static byte TN_IX = 0;
final static byte NEW_BALANCE_IX=(byte)TN_IX+1;
final static byte CURRENT_BALANCE_IX=(byte)NEW_BALANCE_IX+1;
final static byte AMOUNT_IX=(byte)CURRENT_BALANCE_IX+1;
final static byte TRANSACTION_TYPE_IX=(byte)AMOUNT_IX+1;
final static byte SELECTED_FILE_IX=(byte)TRANSACTION_TYPE_IX+1;
final static byte NUM_TRANSIENT_SHORTS=(byte)SELECTED_FILE_IX+1;
// transientBools array indices
final static byte TRANSACTION_INITIALIZED=0;
final static byte UPDATE_INITIALIZED=(byte)TRANSACTION_INITIALIZED+1;
final static byte NUM_TRANSIENT_BOOLS=(byte)UPDATE_INITIALIZED+1;
// remanent variables holding reference for transient variables
private short[] transientShorts;
private boolean[] transientBools;
private byte[] CAD_ID_array;
private byte[] byteArray8; // Signature work array
// install method
public static void install( byte[] bArray, short bOffset, byte bLength ) {
//Create transient objects.
transientShorts = JCSystem.makeTransientShortArray( NUM_TRANSIENT_SHORTS,
JCSystem.CLEAR_ON_DESELECT);
transientBools = JCSystem.makeTransientBooleanArray( NUM_TRANSIENT_BOOLS,
JCSystem.CLEAR_ON_DESELECT);
CAD_ID_array = JCSystem.makeTransientByteArray( (short)4,
JCSystem.CLEAR_ON_DESELECT);
byteArray8 = JCSystem.makeTransientByteArray( (short)8,
JCSystem.CLEAR_ON_DESELECT);
(..)and when it's time for usage, things go:
if (transientShorts[SELECTED_FILE_IX] == (short)0)
transientShorts[SELECTED_FILE_IX] == fid;
transientBools[UPDATE_INITIALIZED] =
sig.verify(MAC_buffer, (short)0, (short)10,
byteArray8, START, SIGNATURE_LENGTH);I find this
a) Verbose and complex.
b) Error-prone: there is nothing to prevent the accidental use of transientShorts[UPDATE_INITIALIZED].
c) Wastefull of memory: each use of a basic-type state variable wastes some code; each vector state variable wastes an object-descriptor worth of permanent data memory, and code for its allocation.
d) Slow at runtime: each use of a "session variable", especially of a basic type, goes thru method invocation(s) which end up painfully slow (at least on some cards), to the point that for repeated uses, one often attain a nice speedup by caching a session variable, and/or transientShorts and the like, into local variables.
As an aside, I don't get if the true allocation of RAM occurs at install time (implying non-selected applications eat up RAM), or at application selection (implying hidden extra overhead).
I dream of an equivalent for the C idiom "struct of state variables". Are these issues discussed, in a Sun manual, or elsewhere? Is there a better way?
Other desperate questions: does a C compiler that output Javacard bytecode make sense/exists? Or a usable Javacard bytecode assembler?
Francois GrieuInteresting post.
I don't have a solution to your problem, but caching the session variables arrays in local variable arrays is a good start. This should be only done when the applet is in context, e.g. selected or accessed through the shareable interface. This values should be written back to EEPROM at e.g. deselect or some other important point of time. Do you run into problems if a tear happens? I don't think so since the session variables should be transactional, and a defined point will commit a transaction.
Analyzing the bytecode is a good idea. I know of a view in JCOP Tools (Eclipse plugin) where you can analyze the bytecode and optimize it to your needs. -
Server hangs and session variable value not maintained.
dear all,
this is exteremetly urgent. i upgraded my tomcat to 4.1.24.but i have problems running the same code which was working earlier, i get null in the value of session variable. and also get the following error
////////////////error got /////////////
Compile failed; see the compiler error output for details.
at org.apache.tools.ant.taskdefs.Javac.compile(Javac.java:842)
at org.apache.tools.ant.taskdefs.Javac.execute(Javac.java:682)
at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:317)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:370)
at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext
.java:473)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
.java:190)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:2
95)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
t.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
t.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
t.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
rValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
t.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
t.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
t.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:22
3)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
ssConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
:565)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:619)
at java.lang.Thread.run(Thread.java:536)
///////////////end of error messsge ////////////
the code where i am getting this message is as follows
<%@ page session="true"%>
<HTML>
<HEAD><TITLE> LOGGED IN ok</TITLE> </HEAD>
<%@ page import="java.sql.*" %>
<%! // declaring variables
String s = "";
java.sql.ResultSet rs=null;
java.sql.Connection con;
java.sql.Statement stmt=null,stmt1=null;
String username = "";
String password = "";
String Ousername = "";
String Opassword = "";
String changepass="";
String usertype ="",useremail="",EmpName="";
%>
<body>
<%
try
//set session for max of 100 milliseconds
// session.setMaxInactiveInterval(10000);
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con = java.sql.DriverManager.getConnection("jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};" +"DBQ=c:/vishal/HelpDesk.mdb;DriverID=22;READONLY=false","","");
stmt = con.createStatement();
s = "select * from LoginUser";
username = request.getParameter("LogonId"); //get this through prev. form
password = request.getParameter("txtPassword");
out.println(username + " " + password);
// make explicitly to lower case
username = username.toLowerCase();
rs = stmt.executeQuery(s);
while(rs.next())
//getting data from database
Ousername = rs.getString("EmpName");
Opassword = rs.getString("Password");
useremail = rs.getString("EmailId");
usertype = rs.getString("UserType");
if(Opassword.equals(password) && Ousername.equals(username)) //found match correct entry
changepass = request.getParameter("PasswordNew");
if(changepass != null)
stmt1 = con.createStatement(java.sql.ResultSet.TYPE_SCROLL_INSENSITIVE,java.sql.ResultSet.CONCUR_UPDATABLE);
s = "update LoginUser set Password = '" + changepass + "' where EmpName = '" + username +"'";
out.println(s);
stmt1.executeUpdate(s);
stmt1.close();
if(usertype.equals("User") == false)//ie admin
session.setAttribute("username",username);
************************this value not maintained *********************
session.setAttribute("useremail",useremail);
session.setAttribute("usertype",usertype);
************************this value not maintained *********************
//closing connections
%>
<jsp:forward page= "ComplaintType.jsp" />
<%
else //user
EmpName = username;
session.setAttribute("EmpName",EmpName);
session.setAttribute("useremail",useremail);
//closing connections
%>
<jsp:forward page="ComplaintCategory.jsp" />
<%
}//end if
}//while loop
//first closing connections then forwarding
%>
<jsp:forward page="InvalidLOGIN.jsp" />
<%
///rs.close();
////closing
//stmt.close();
// con.close();
}//try
catch(Exception ep)
out.println(ep);
System.exit(1);
%>
</BODY>
</HTML>hi all,
thanx a lot for your help,specially hari52
hari52 strangely enough the code started working,but
now i have another problem
after a while my server hangs or gets shutdown ,a
message is shown as
"java.exe has generated error and will be shutdown"
i know that more connections can be a prob. but i
make sure that connections r closed on each page,also
i am a newbie and do not have the time at present to
learn abt. connection pool ,can this problem be
solved easily?
it would be a great help again on your part,
thanx again,You remove the System.exit(1) line from the code inside the catch block
and try again. That's the reason tomcat getting down. System.exit(1) should not be used inside jsp. it will make the underlaying Servlet Engine to shutdown. -
CFLOGIN not maintaining cfauthrization session variable
I have a simple CF web site where all of the .cfm is in the
same directory. I can not use client cookies as the people I am
writing this for have cookies turned off in IE, therefore I am
using J2EE session variables and CFLOGIN in an application.cfm file
(code attached) for authentication. Everything works correctly
during login and I can see the encrypted username/password as the
cfauthorization session variable....
Session Variables:
cfauthorization=Y3BkYWRtaW46cmVwb3J0ODQzOmNwZA==
sessionid=c23059df643c42544069
urltoken=CFID=783&CFTOKEN=91556252&jsessionid=c23059df643c42544069
Once I try to browse to another cfm page on the site, I get
booted back to the index.cfm login page. After some digging I
figure out that the cfauthorization variable was blank after I
click on the link, which as I understand it indicates that I am not
logged in and the
<cfif not IsDefined("cflogin")>
<cfinclude template="index.cfm">
<cfabort>
code in the application.cfm sends me back to the login page.
I have confirmed that using valid credentials causes <cfif
cpdauth.recordcount GT "0"> to return true.
Any idea as to why my session authorization is not being
maintained between pages? Or if I am completely off base as to the
reason this is happening.....and if so, what am I doing wrong.
Thanks
GregYour login code seems to be fine. You yourself are already
aware that you have to have a way to pass-the-baton between
requests, to maintain a session.
The usual way Coldfusion maintains sessions is to send CFID
and CFTOKEN cookies to the client browser. That happens
automatically under the hood, assuming you haven't switched
setClientCookies off.
For session management by means of cookies, I would use a
cfapplication tag like
<cfapplication name = "cpd"
applicationTimeout = "#createTimespan(1,0,0,0)#"
sessionManagement = "yes"
clientManagement = "yes"
sessionTimeout = "#createTimeSpan(0,0,20,0)#"
setClientCookies = "true"
scriptprotect="all"
loginstorage="Session">
However, all of that assumes that the client browser accepts
cookies. Where it doesn't, the usual way to maintain sessions is to
pass CFID and CFTOKEN values in the URL of every request. In fact,
the function that Bluetone suggests,
URLSessionFormat,
makes the process efficient. It instructs Coldfusion to append CFID
and CFTOKEN to the URL only when the client doesn't accept cookies.
Which means Coldfusion would still be using cookies wherever
possible. Some examples
<a href="#URLSessionFormat('orders.cfm')#">My
orders</a>
<cfform method="Post"
action="#URLSessionFormat("MyActionPage.cfm")#">
</cfform>
<cflocation url = "products.cfm" addToken = "yes"> -
Dates Format in Promts using Session Variables
Hi Experts,
I have an issue in controlling date format in prompts using session variable which I am using to set default value.
By default date format is timestamp E.g '2010-12-19 12:00:00 AM'.
As per requriement(s) I customized the date format in Reports as 19-Dec-2010 and I saved it as "System Wide Default for <Date Column Name> "
So, I got desired format in Reports and Date Prompts.
Now, I need to set a default value in Date Prompt. So, in RPD I created a Session Variable which returned me date in
DD-MON-YYYY format. Using follwing SQL :
SELECT REPLACE(CONVERT(VARCHAR(11), Getdate (), 106), ' ', '-') AS [DD-Mon-YYYY]
But in reports takes this value as string and not Datetime. So i got an error message.
A datetime value was expected (received "19-Dec-2010").
If i do not use above SQL to CONVERT date then default date in prompt get displayed as timestamp format and give me desired results but Formatting looks very odd in prompt
Is this a way so I can persist the [DD-Mon-YYYY] Formatting for default value which comes using variable and still run the report.
Above problem also exist vice versa that is if i SET that session variable and pass the datetime value to server. But there i guess I can use ToDate or some Casting in RPD column expression to handle that. Tell me if i am right ?
Thanks
SaurabhThat almost works. I had to adjust the syntax to the following...and then there are other issues doing this.
select cust_no, name,'@{session.currentUser}' from customersMy write-back SQL is this:
UPDATE customers SET NAME='@{c1}',LAST_EDITED_BY='@{c2}' WHERE CUST_NO=@{c0}But I don't want to display the cust_no column to the user. So I hide it in the UI. But if I do that I get the below error during write-back. Apparently sometimes when you hide a column on a direct query (numeric maybe?) the value doesn't transfer over to the write-back. If that's the case, this won't work for me. Hmm...
Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43093] An error occurred while processing the EXECUTE PHYSICAL statement. [nQSError: 17001] Oracle Error code: 936, message: ORA-00936: missing expression at OCI call OCIStmtExecute: UPDATE customers SET NAME='Wyatt Donnely',LAST_EDITED_BY='Administrator' WHERE CUST_NO= . [nQSError: 17011] SQL statement execution failed. (HY000)
SQL Issued: EXECUTE PHYSICAL CONNECTION POOL dev1 UPDATE customers SET NAME='Wyatt Donnely',LAST_EDITED_BY='Administrator' WHERE CUST_NO= -
Cfid & cftoken keep resetting everytime time the page refreshes!!!!
I need some assistance. I have setup several CF applications and never had any issues with session/application management. However this time around every time I refresh the page it gives me a new cfid and cftoken. Obviously it won't allow me to keep my session and I get redirected to the log in page. Here is how I am setting up my application. Does anyone see any issues with this?
<cfscript>
This.name = 'ApplicationName';
this.clientmanagement="no";
This.sessionManagement = "yes";
This.applicationtimeout = CreateTimeSpan(0,1,0,0);
This.sessionTimeout = CreateTimeSpan(0,0,20,0);
This.scriptProtect="All";
This.setclientcookies = "no";
This.setdomaincookies = "no";
</cfscript>
Side question, when is the cfid and cftoken suppose to change? When I land on the page for the first time before I log in the cfid & cftoken get set. That will be the same cfid & cftoken for the full session. Then the cfid & cftoken gets dropped once the application has timed out? (maybe a dumb question...)
Please Help!!!If you setclientcookies to be FALSE ("no", whatever), then you need to deal with the CFID & CFTOKEN values yourself (generally by passing them on every URL in your site. Which is a right PitA.
Are you sure you meant to set it to FALSE?
Adam -
Override the GROUP system session variable within an initialization block
Hi,
We're trying to override the GROUP system session variable and having no luck. We've created an initialization block to return the semicolon-separated list we're looking for but when a user logs in, it seems like it is overridden with the default. When we change the name of the variable to something other than GROUP, it works great and we get the expected value. Is there something we're missing with overriding the particular value?
Here is the query we're attempting to use for the variable:
Select 'GROUP',
ListAgg(OBI_ROLE, ';') Within Group (Order By USER_EMAIL)
From CSS_OBI_USER_ROLE
Where USER_EMAIL In (':USER')
We also tried:
Select
ListAgg(OBI_ROLE, ';') Within Group (Order By USER_EMAIL)
From CSS_OBI_USER_ROLE
Where USER_EMAIL In (':USER')
We made sure that the variable name was 'GROUP' as well.
Not sure if it's important to note or not, but the returned values do correspond to existing applications groups already defined within OBI.
Any help is greatly appreciated!
Thanks,
Jassince you have value as OpsReviewViewer;OpsReviewAuthor:BIAdministrator
my not help row wise setting
try to handle ; part using sql query so that you get those number of records to use row-wise
so this
Select 'GROUP',
ListAgg(OBI_ROLE, ';') Within Group (Order By USER_EMAIL)
From CSS_OBI_USER_ROLE
Where USER_EMAIL In (':USER')
with row-wise show work -
Can a session variable be an array?
I have a dynamic list which may have multiple values
selected. I can capture the resulting array in a $_POST variable.
Using the Insert Record behavior, I cannot cause the $_POST
variables to be sent to the redirect page unless I use session
variables. Can a session variable be defined as an array? If so,
how do I declare it as an array and how do I move the form variable
array to a session variable array? If it can't be an array, how do
I define the target variables for 0 to x items from a form variable
array?I can't answer specifically for PHP but in the other
languages as session
variable is basically a holding place for a value. As a comma
is a valid
character then if you have a comma delimited list (which is
what a form give
you if multiple items are selected) then you simple assign it
to the session
variable and it will be stored as such.
Paul Whitham
Certified Dreamweaver MX2004 Professional
Adobe Community Expert - Dreamweaver
Valleybiz Internet Design
www.valleybiz.net
"Rankin" <[email protected]> wrote in
message
news:ef9suk$iqe$[email protected]..
>I have a dynamic list which may have multiple values
selected. I can
>capture
> the resulting array in a $_POST variable. Using the
Insert Record
> behavior, I
> cannot cause the $_POST variables to be sent to the
redirect page unless I
> use
> session variables. Can a session variable be defined as
an array? If so,
> how
> do I declare it as an array and how do I move the form
variable array to a
> session variable array? If it can't be an array, how do
I define the
> target
> variables for 0 to x items from a form variable array?
>
Maybe you are looking for
-
HOW TO FIND THE REQUIRED DELIVERY DATE IN VA02
hi HOW TO FIND THE REQUIRED DELIVERY DATE IN VA02. i want to display this field in my report. what is the fieldname and in which table it is ?
-
Can anyone explain the mechanism of data transfer from r3 to bw?
Hi all the bw expert, i have one question on the mechanism of data transfer from r3 to bi 7.0. the followings is my concerns: scenario: The total numer of data is 1000 rows and these rows are seperated into 10 data package , each package contains 100
-
we have created an asset in march 2009 in one of our company code in 2009.For this company code dep was never run in 2008.We didnt close the fiscal year too.If i want to run deo now for the new asset in march then should i first close 2008 and can i
-
I have no other details.
-
Do i require the adobe player to be embedded in the source code while designing a site?
In my website and I want to use a flash file inside with some animation in place of a slider with static images. I am confused if I am required to add a flash player on the website in its source code. Is there a way that I can use the flash player or