Mod-osso agents session expiry - Query

Hi,
My setup details:
1) I have a OHS server configured with mod-osso agent.
2) There is a OAM server which has the profile created for this mod-osso agent.In the OAMConsole I set the 'SESSION LIFETIME'(under common settings) to 2min.
3) When I try to access the protected resource (protected by OSSO agent) it seems to take about 4 mins or so to expire a session.
As per few documents, "this behavior is seen only for mod-osso agents and that is due to the presence of the OHS cookie.This is by design of mod-osso agents meant to reduce server round-trips."
I tried to search a lot about the exact working of the OHS-cookie in this regard and how does it count to increase in the session expiry time.
It will be very helpful ,if I get any details/pointers on this topic.
Thanks!

Create a new osso.conf via rreg or OAM console after the WLST command to enable GITO has been executed. The osso.conf file contains entries for the cookie name and the idle time. The osso.conf is encrypted for security reasons.

Similar Messages

Redirecting user to login page after session expiry

Hi,
Default session expiry implementation in sap EP6.0 doesn't work properly. To overcome this, we have implemented one component where we check the idle time and throw the user back to the login page if the idle time has exceeded the session expiry period. This component has been added to desktop inner page as an iView. Following is the logic put in this component.
IAuthentication ia = UMFactory.getAuthenticator();
ia.logout(httpRequest, httpResponse);
httpResponse.sendRedirect("/irj/portal");
We are successfully getting the login page after session expiry. Issue is, our portal server is running on 11111 port. We cannot change this to 80 on unix because of unix limitations for the port number. So we have put one apache web server before our portal server. Apache web server is listening on port 80 and forwarding the request to our portal server.
Now when user is redirected to the login page, url being shown in the browser is http://<host_name>:11111/irj/portal but I am expecting http://<host_name>/irj/portal (without port). I have tried putting the full url in sendRedirect() method but that too doesn't work.
Any help is highly appreciated.
Regards,
Chandra

Hi Chandra,
Let the URL be relative in the sendRedirect i.e.
httpResponse.sendRedirect("/irj/portal");
However since you have a Reverse proxy in front, the response header for redirect will not contain the address of the reverse proxy in this case, your servername without port. You have to properly configure your reverse proxy so that the HTTP Headers are changed properly before sending the response to the users.
Check this URL,
http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#proxypassreverse
This gives you the details on configuring your apache.
Hope this helps.
Ankur
P.S. If this helps please reward points.

How to display LOV on web in ENTER-QUERY mode with form or block query only.

Hello all
How can I display lov automatic on the web in from enter-query
mode in form or block query only mode.
thankx

If I understand correctly your explanation, your called form
fails to activate the LOV in enter-query mode when it is deployed
and test on the browser.
So lets proceeed like this, to make it work in all environments,
let us programetically activate the LOV.
HOW?
In the called form, write in the WHEN-NEW-ITEM-INSTANCE TRIGGER
at block level (if have more than one LOV)
IF :SYSTEM.MODE = 'ENTER-QUERY' THEN
IF get_item_property(:system.cursor_item,lov_name) IN ('YOUR
LOV1', 'LOV2' etc) THEN
IF SHOW_LOV(get_item_property(:system.cursor_item,lov_name))
THEN
NULL;
END IF;
END IF;
END IF;
The above code maybe tweak to suite your need and condition.
This way, we explicitly make the LOV appear in ENTER-QUERY mode
whenever the user clicks on an item with an attached LOV.
Hope this helps.
Mohammed R.Qurashi

Verify session expiry using BO api

Hi,
I have an application connecting to BO server for getting reports. I create a BO session using BO api and successfully getting the reports by suppressing the login page. But now i need to verify the BO session expiry.
Could any one tell me which BO api should i use to verify this.
Any help would be highly appreciated

Hi Ted,
Thanks for your valuable suggestion, but I am still not able to verify whether the session is expired or not. I have changed all the session time out tag in web.xml of these deployed application on tomcat of BO
1. businessobjects
2. adminlaunch
3. desktoplaunch
and also on Central Management Server >Servers>Web_IntelligenceReportServer -->Connection Time Out parameter. I have set it to 1 min.
when I logged into the InfoView, its session time out happens after 1 min. So by these changes I am sure that session is expired after 1 min, but when I do it using a custom application it doesn't tell me whether the session is expired or not.
Here is my code :
        HttpSession session = request.getSession();
        String logonToken = (String)session.getAttribute("BOSessionToken");
        IEnterpriseSession enterpriseSession =(IEnterpriseSession) session.getAttribute("EnterpriseSession") ;
        try
             //First time login
             if(enterpriseSession == null){
                  ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
                  enterpriseSession = sessionMgr.logon(UserName, Password, sCMS, "secEnterprise");
                  logonToken = enterpriseSession.getLogonTokenMgr().createLogonToken("", 60, 100);
                  logger.debug("Retrived Token for reports is --> " + logonToken);
                  // Store the IEnterpriseSession object in the session.
                  session.setAttribute("EnterpriseSession", enterpriseSession);
                  session.setAttribute("BOSessionToken", logonToken);
             else{
                       // Check where EnterpriseSession is expired or not
                       IInfoStore iStore = (IInfoStore) enterpriseSession.getService("InfoStore");
                       if(iStore == null)//This may fail if the IEnterpriseSession is expired
                            ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
                            enterpriseSession = sessionMgr.logon(UserName, Password, sCMS, "secEnterprise");
                           logonToken = enterpriseSession.getLogonTokenMgr().createLogonToken("", 60, 100);
                           logger.debug("BO token is expired, creating new token --> " + logonToken);
                           // Store the IEnterpriseSession object in the session.
                           session.setAttribute("EnterpriseSession", enterpriseSession);
                           session.setAttribute("BOSessionToken", logonToken);
                       else{
                            logonToken = (String)session.getAttribute("BOSessionToken");
                            logger.debug("Using the older Token for reports --> " + logonToken);
The condition if(iStore == null) is not going to be valid not even a single time even if the session is timed out.
With Regards,
Anosh

E-mail of the Mode of Conveying the Expiry Notice not work!

Hi,
In idm 10.1.4, I have a problem.
In the Password Expiry Notice Period,I specified 15 days.
In the Mode of Conveying the Expiry Notice field,I specified both: At login and E-mail.
Now At login option do well, but E-mail not work.
How can I do with this ?
Thanks for you help!

Hi,my question has not been done.
Thanks a lot.

Page Not displayed error upon Session Expiry in Solari Environment

Hi All,
I have a web application deployed in Solaris environment.
Session expiry is handled from the application.
I have this code for session expiry in my filter class:
((HttpServletResponse) _response).sendRedirect("/myapp/view/sessionExpired.jsp");
When this code is executed Im getting "Page Cannot be Displayed " error is thrown.
The same scenario works fine windows environment.
Im facing this issue when it is on Solaris environment.
Thanks in Advance.
Cheers,
Shorath

I am using basic in my local environment. When we deploy to DEV/QA/PROD server, it will be SSO enabled. The requirement is, when user clicks on Ok button on session expired popup, it should just stay(refresh) on the same page with the pretty URL. Currently it refreshes the page with full URL.
URL in Browser before session expiry: http://localhost:7101/MyApp/faces/page1
URL in Browser after session expiry(click ok on popup, refreshes the same page): http://localhost:7101/MyApp/faces/oracle/webcenter/portalapp/pages/page1.jspx

Problem in implements ADF Faces: Detecting and handling user session expiry

Hello everybody
I´m trying to implement a method to handle user session expiry as explained by frank nimphius in his blog.
http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
I have implemented the class bellow and add the filters in web.xml. However when I add the JavaServer Faces Servlet to sign the filter, my hole application get nuts. I try to publish the applicatoin in the OAS and it seems that it already starts expired.
Someone konw what I´m doing wrong?
I use the filter
<filter>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<filter-class>adf.sample.ApplicationSessionExpiryFilter</filter-class>
<init-param>
<param-name>SessionTimeoutRedirect</param-name>
<param-value>SessionExpired.jspx</param-value>
</init-param>
</filter>
then I add
XML:
<filter-mapping>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
package adf.sample;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
this is the class
public class ApplicationSessionExpiryFilter implements Filter {
private FilterConfig _filterConfig = null;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
public void destroy() {
_filterConfig = null;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession = ((HttpServletRequest)request).getSession().getId();
boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
// if the requested session is null then this is the first application
// request and "false" is acceptable
if (!sessionOk && requestedSession != null){
// the session has expired or renewed. Redirect request
((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
else{
chain.doFilter(request, response);
I'm really having trouble controlling user sessions. if someone know where I can get materials to learn how to implements session in Jdev ADF + BC, I´m very grateful.
Thank you Marnie

The class works fine.. the issue is when I add the this code into web.xml
<filter-mapping>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
bellow the web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app>
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>CpxFileName</param-name>
<param-value>userinterface.DataBindings</param-value>
</context-param>
<filter>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<filter-class>view.managedBean.ApplicationSessionExpiryFilter</filter-class>
</filter>
<filter>
<filter-name>adfFaces</filter-name>
<filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ApplicationSessionExpiryFilter</filter-name> ==> the problem occurs when I try to add this code
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jspx</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/pain</mime-type>
</mime-mapping>
</web-app>
By the way, how can I post code on the forum properly?

Modes and Methods in Tag Query and SQL Query

Hi,
Can someone explain me about the modes available in TAG Query and SQL Query.
TAG Query has modes such as Current, CurrentWrite, GroupList, History, HistoryEvent, ModeList, Statistics and TagList
SQL Query i still have doubt on FixedQuery with output , Modelist and TableList
I also need to know why methods are used?
Thanks in advance
Regards
Muzammil

I'll try to explain to the best of my knowledge :
TagQuery
Current : Gives you the current value of the Tag you are reading.
CurrentWrite : Let you write a Value as the Current Value of the Tag.
GroupList : Generally Tags are grouped under different groups. Returns you the name of the Groups.
From the xMII Help Document :
History : History Mode returns interpolated data. Interpolation can be accomplished by specifying either the # of rows desired or the retrieval resolution. If the mode is "History" and a value is provided for the Resolution parameter (which is in seconds), the connector will retrieve evenly-spaced values starting at the beginning of the time interval, up to the maximum # of rows specified in the RowCount parameter. If no value is provided for the Resolution parameter, the connector will return an evenly-spaced number of values based on the value of the RowCount parameter.
For example, if the time interval is 1 hour, Resolution is 15, and RowCount is 240, the connector will return evenly spaced values each 15 seconds, up to 240 values (which would span the entire hour).
If the time interval is 1 hour, Resolution is not provided or is set to zero, and RowCount is 120, the connector would return 120 evenly spaced values, at an effective interval of 30 seconds.
HistoryEvent Mode : The connector can provide historical values "as they were stored" the database. This mode provides no interpolation of values.
Statistics Mode : When retrieving data for statistical calculations, the connector utilizes the same techniques as in the "HistoryEvent" mode. It is important to note that the first two returning columns in the HistoryEvent query must be the timestamp and the value, in that order. The SAP xMII Statistical processor expects that order, or errors will occur. This ensures precision of statistical measurements, particularly time-weighted average, by using the exact storage time and values from the historical database. The SAP xMII system provides the statistical calculations.
Modelist : Basically returns the modes of the Query Available. The Data returned is same as the data in the Modes list in the Quert Template Editor.
Taglist : Returns all the Tags in the Datasource.
SQL Query
Modelist : Same as above.
TableList : List of all the tables in the database to which the connector connects.
Again from SAP xMII Help Documentation :
FixedQueryWithOutput : This mode is used to execute an Oracle stored procedure or function that returns a REF CURSOR as output. The position of the REF CURSOR is marked by a "?" in the query. For example:
Create a table.
create table usage (id int, name varchar(50));
insert into usage (id, name) values (1, 'test1');
insert into usage (id, name) values (2, 'test2');
insert into usage (id, name) values (3, 'test3');
insert into usage (id, name) values (4, 'test4');
insert into usage (id, name) values (5, 'test5');
insert into usage (id, name) values (6, 'test6');
insert into usage (id, name) values (7, 'test7');
insert into usage (id, name) values (8, 'test8');
Define the stored procedure.
DROP PACKAGE foopkg;
CREATE PACKAGE foopkg IS
TYPE cursortype is ref cursor;
PROCEDURE test (mycursor in out cursortype);
END foopkg;
CREATE PACKAGE BODY foopkg IS
PROCEDURE test (mycursor in out cursortype) AS
BEGIN
open mycursor for select * from usage;
END;
END foopkg;

Define a query template for calling the stored procedure. Enter the following in the FixedQuery tab:
call foopkg.test(?)
This template returns all rows from the Usage table.

Handling user session expiry

I am trying to implements Frank's way of detecting session expiry.(http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)
It looks so simple and works perfectly well on test application in OC4J servers...
But it doesnt work on my JBoss.
Basicaly you take requestSession and currentWebSession in filter and compare them like this:
String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession = ((HttpServletRequest)request).getSession().getId();
If session id's are not equal, then it is expired session...But on my JBoss I always get equal session ids and never get requestedSession null (you should get null on initial session)!!! I am realy stuck with this
I try checking if requested session is valid with isRequestedSessionIdValid() and I always get valid on my JBoss... on OC4J it works properly as well...
Maybe this has something to do with my secure connection on JBoss?
Can someone please give me something to hold to!?

I am trying to implements Frank's way of detecting session expiry.(http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)
It looks so simple and works perfectly well on test application in OC4J servers...
But it doesnt work on my JBoss.
Basicaly you take requestSession and currentWebSession in filter and compare them like this:
String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession = ((HttpServletRequest)request).getSession().getId();
If session id's are not equal, then it is expired session...But on my JBoss I always get equal session ids and never get requestedSession null (you should get null on initial session)!!! I am realy stuck with this
I try checking if requested session is valid with isRequestedSessionIdValid() and I always get valid on my JBoss... on OC4J it works properly as well...
Maybe this has something to do with my secure connection on JBoss?
Can someone please give me something to hold to!?

Get the session information like time left to session expiry or logoff etc

Hi Experts,
In webdynpro ABAP I would like to get the session information like time left to session expiry or logoff etc. Please suggest me whether ther are any clasess or code available to get the info.
Advance Thanks,
Thanks,
AMS

Hi,
What do you want to do with that information ?
Regards

JDev 11gr1: Session expiry example from Frank Nimphius

Is the "ADF Faces: Detecting and handling user session expiry" http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
supposed to work with JDev/ADF 11g?
I noticed the following two issues:
1) When a session expires, is renewed and I get redirected to the desired page the GUI does not respond to any actions anymore (eg. button clicks).
2) Concerns JDev embedded WLS.
The session id (requested session for the first app request) is only null when the app is run for the first time after starting JDev. For every subsequent run a session id is existent already. So the implemented logic in ApplicationSessionExpiryFilter.doFilter causes a redirect.
Session ids look like this for a 2nd run:
requestedSession : lKyvJQ9Wvb1jyHfjRcXVqydvJjpLvT1QwWHTM1PbpTTsmLpWM06L!-744873777
currentWebSession: KKbnJQCXkyMGTbtxJ0kSVm72yGTX5zJnQBmgk3RJvpcFs7n1ynrl!-744873777!1224770231186

Hi,
saying it this way: the solution will have its equivalent in ADF Faces RC. There are two major changes in ADF Faces RC
- The server is WLS and no longer OC4J, which means that the WLS session handling needs to have a look at
- ADF Faces RC uses a lot more PPR (Ajax requestst) and less page redirects. So I am not sure that the servlet will know for certain about the context that it is in when the session expired
So in summary I would think that the sample is broken in JDeveloper 11
Frank

Detecting user session expiry in secure connection

I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)-
basicaly we call session expired when requested session is not equal to current web session:
String requestedSession =
((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession =
((HttpServletRequest)request).getSession().getId();
boolean sessionOk =
currentWebSession.equalsIgnoreCase(requestedSession);
It works perfectly well when I am launching application in OC4J, but it doesnt if I use JBoss with secure connection and session id in cookie- requestedSession and requestedSession is always the same
Is there a way to detect session expiry using secure connection?

Thank You for the answer Frank.
unfortunately I cannot see full view of how this proposal differ from what I am doing..
Can You please be more specific...
As I understand, I am doing exactly the same with:
String requestedSession =
((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession =
((HttpServletRequest)request).getSession().getId();
or you mean to save currentWebSession somewhere else?

Detecting and handling user session expiry

I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)-
basicaly we call session expired when requested session is not equal to current web session. If requested session is null then we say its innitial request.
But there is situation when this doesn't work properly:
We are closing our application, but we dont close the browser. Then if we try to open our application again (initial request) our code detects session expiry error, becouse requested session is not null...
Is there I way to make it work properly?

I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)-
basicaly we call session expired when requested session is not equal to current web session. If requested session is null then we say its innitial request.
But there is situation when this doesn't work properly:
We are closing our application, but we dont close the browser. Then if we try to open our application again (initial request) our code detects session expiry error, becouse requested session is not null...
Is there I way to make it work properly?

Session expiry method

Ive read the Servlet 2.3 spec and can see no mention of the following - what should a web container do to the session object when the session has expired?
When a client accesses an expired session ,should they be given a null reference, or should the server have called invalidate() on the session, maintaining the object reference, but unbinding all objects on it?
The reason I ask is that I have been given some small web apps to migrate from one j2ee server to another (from Websphere to Weblogic), and as an in between step, Ive got them running on Tomcat 4 on my local machine. I have noticed that the session expiry page of the application is triggered by the session being null, which works on Websphere, but on Weblogic, the session object is not null when it expires, just invalidated, therefore the application does not work as well.

When session expires, container unbounds all attributes, then calls invalidate() method. ( here HttpSessionListener works for listening to session invalidation or expiration )
You can check session is valid by :
if ( session.isNew() ) {
// Session is valid
}OR
if ( request.isSessionIdValid() ) {
// Session is valid
}get it ?
Behrad

Error while setting up OSSO agent for OAM

I am trying to configure OAM 11gR2 and am trying to setup mod_OSSO as the agent. As mentioned in the documentation I have copied mod_osso.conf file from the <ORACLE_
INSTANCE>/config/OHS/<OHS_INSTANCE>/disabled directory to the <ORACLE_INSTANCE>/config/OHS/<OHS_INSTANCE>/moduleconf directory. I had then updated location of the mod_osso.conf file in the file (mod_osso.conf).
When I now try to restart the HTTP server I get the following error message in the log:
"Unable to deobfuscate <mod_osso.conf location> [zterror: Unknown Verifier Version]"
Does anyone know why I am seeing this error?
Regards,
Srini.

I am having the same problem:
detail:
I have set the echange parameters
com.sap.aii.server.contextRoot.repository.services=rep
com.sap.aii.server.httpport.repository=50000
com.sap.aii.server.name.repository=xiserver
TA: SLDAPICUST hostname=xiserver
=>Check/maintain with report SPROX_CHECK_IFR_ADDRESS
returns
im exchange profilealdxi01:50000/rep
=>Check with report SPROX_CHECK_IFR_RESPONSE
givers: Integration Builder data not un
se38 shows a wrong url when debuging
http://xiserver:50000/rep/ifraccess?service=query&type=namespace
any suggesting
sproxy only shows the local entries and not the XI interfaces

Mod-osso agents session expiry - Query

Similar Messages

Maybe you are looking for