Popu window before session timeout

Similar Messages

• Passivation of Application Module before session timeout

  Hi,
  JDeveloper : Studio Edition Version 11.1.2.3.0
  Oracle 11g Database
  WLS - 10.3.5
  I have an application (ADF BC and ADF Faces) built with jsff fragment and I have set user session time out in 4 hours.
  After some time (even before 1 hour of inactivity) I receive following error and unable to work on the page. I have to log out and login again to proceed.
  After approx 20 minutes of inactivity I can see the following log messages:
  <LoopDiagnostic> <dump> [12212] variables variables passivated >>> enterScheduledTimeSheet1_tsDate=2013-05-02
  <LoopDiagnostic> <dump> [12213] variableIterator variables passivated >>> TrackQueryPerformed def
  <LoopDiagnostic> <dump> [12214] variableIterator variables passivated >>> TrackQueryPerformed def
  <LoopDiagnostic> <dump> [12215] variableIterator variables passivated >>> TrackQueryPerformed def
  <LoopDiagnostic> <dump> [12216] variableIterator variables passivated >>> TrackQueryPerformed def
  <LoopDiagnostic> <dump> [12217] variableIterator variables passivated >>> TrackQueryPerformed def
  <DCUtil> <findSpelObject> [12218] DCUtil, returning:oracle.jbo.uicli.binding.JUFormBinding, for com_core_fragments_timesheet2ListingPageDef_com_core_task_flows_timesheet_task_flow_xml_timesheet_task_flow
  <JUCtrlHierNodeBinding> <release> [12219] released: ROOT node binding:noCtrl_oracle_adfinternal_view_faces_model_binding_FacesCtrlHierNodeBinding_587, value:TimesheetProjectsVO1Iterator
  <JUCtrlHierNodeBinding> <release> [12220] released: ROOT node binding:noCtrl_oracle_adfinternal_view_faces_model_binding_FacesCtrlHierNodeBinding_588, value:TimeTakenList1Iterator
  <JUCtrlHierNodeBinding> <release> [12221] released: ROOT node binding:noCtrl_oracle_adfinternal_view_faces_model_binding_FacesCtrlHierNodeBinding_590, value:TbaaTimesheetDailyentryView1Iterator
  <DCIteratorBinding> <releaseDataInternal> [12222] Releasing iterator binding:variables
  <DCIteratorBinding> <releaseDataInternal> [12422] Releasing iterator binding:allClients1Iterator1
  <DCIteratorBinding> <releaseDataInternal> [12423] Releasing iterator binding:allClients1Iterator2
  <ApplicationPoolImpl> <resourceStateChanged> [12424] ApplicationPoolImpl.resourceStateChanged wasn't release related. No notify invoked.
  <ApplicationModuleImpl> <resetState> [12425] Resetting AM=Root
  Is there any way to keep the session alive and keep the application state alive till session times out (4 hours in this case).
  Do I need to setup any other parameters etc.
  Thanks in advance.

  You should read http://download.oracle.com/docs/cd/E15523_01/web.1111/b31974/bcstatemgmt.htm#sm0318 and http://download.oracle.com/docs/cd/E15523_01/web.1111/b31974/bcampool.htm#sm0299 as these parameters control when the application module gets passivated.
  However, if you see this kind of problem it points to a general problem with activation/passivation in your application modules. I strongly recommend that you test your application with application module polling turned off. Then the application module is passivated after each request and errors in this region should pop up even on the developer pc.
  For more info read http://tompeez.wordpress.com/2011/07/08/jdev-always-test-your-app-with-applicationmodule-pooling-turned-off/
  Timo

• Apex Version 4.2: Why doesn't the session timeout parameter settings work?

  Prior to an upgrade to Apex Version 4.2.0.00.27, we ran Apex Version 4.1 in our environment. This is on a platform using Oracle Database Enterprise Edition 11g R2 on Windows Server 2008. The session timeout parameters (set for a single application using "Shared Components" -> "Security Attributes") were set to the following:
  Maximum Session Time: 1 day
  Maximum Session Idle Time: 8 hours
  This worked with no problems in Apex 4.1; our user would leave a data entry form open for several hours, complete the data entry then submit the page. Now, with the upgrade to Apex 4.2, doing the same thing causes the system to redirect to the login page and aborting any edits or new data entered into the form previously.
  I have tried to set both session parameters to ZERO (0) which is what the documentation explains is the equivallent to "no timeout" but that didn't work as well.
  I have reset the session control parameters to what they were before the upgrade and my session times out before the time values I set. (on the version 4.2 upgraded instance).
  Why was the session timeout parameters I set ignored by the system? Can anyone else out there confirm/repeat the problem I observed?

  Hi Richard,
  You probable have it ok, but the time should be in seconds.
  Kees

• Implementing session timeout in JSP - - Urgent help !

  Hi
  I have a requirement where I need to write a session timeout functionality in a JSP such that the page is redirected to a different page if there is no activity for 5 min.
  I tried the following :
  1.On the onload of my JSP, i created a new session from the current request using the following code snippet :
            HttpSession pSession = request.getSession(true);
            pSession.setAttribute("loggedin","true");
            pSession.setMaxInactiveInterval(10);
  2. Then on any action performed on the JSP, i called the collowing JS function before invoking the server side code.
  /** function to check the user session **/
  function fnChkSession()
       alert('Inside check session');
       <%
            try
                 System.out.println("The value of the session var loggedin : "+pSession.getAttribute("loggedin").toString());
                 System.out.println(" getMaxInactiveInterval() value is : "+pSession.getMaxInactiveInterval());
            catch (Exception e)
                 System.out.println("** Inside the fnChkSession exception catch block **");
            if (pSession.getValue("loggedin") == null)
       %>
            alert('Session has expired');
            document.forms[0].submit();
       <% } %>
  But when I execute this code ,even after 10 secs my session seems to be alive.I can retrieve the session attribute after 10s.
  I also tried setting the session-timeout value in the web.xml. It didnt work.
  Can anyone pls help me on how to proceed further on this.
  Thanks
  Arun B

  You are confusing java with javascript.
  These two things are not the same.
  The lifecycle goes something like this
  1 - Request is made to server
  2 - Java/JSP runs java code, produces HTML page
  3 - java stops running
  4 - html is sent to browser, and javascript starts running.
  You cannot call java code from browser events (such as onload, onclick, onchange...) The only way to run java code again is to submit a request (normally by submitting a form, or clicking a link. )
  If you want a javascript solution, in IE, use the window.setTimeout() method to execute some javascript code after a certain period of time.
  A more generic approach would be to use the refresh header. Set the timeout for the refresh header to be 300 seconds. If the user stays on the same page for more than 5 minutes, it will redirect to the new page.
  Hope this helps,
  evnafets

• Dot1x session timeout issue

  Hi
  currently we have an issue with our new dot1x authenticated WLAN. The clients get disconnected when the session timeout expires. As I have discussed with TAC the session timeout forces the client to reauth against RADIUS but should not disassoc him (for non-dot1x-SSIDs it will actually disassoc you by design)
  Each time a client is ejected the following message is produced:
  May 10 09:59:20 xxx *Dot1x_NW_MsgTask_0: May 10 09:59:21.014: %DOT1X-3-INVALID_WPA_KEY_MSG_STATE: 1x_eapkey.c:848 Received EAPOL-key M2 msg has invalid information when mobile is in START  state - invalid secure bit; KeyLen 24, Key type 1, client xxx
  A workaround is either to:
  a) Disable session timout (but we need to check for revoked certs)
  b) Switch from WPA2 to WPA(1)
  So far I've tested with:
  - Win7 and Centrino 6205 (newest driver)
  - Same laptop and some random Realtek USB-Stick
  - Same laptop complete new and blank Windows install (without McAfee HIPS & AV) and both NICs
  - Also an ancient LAP1231, currently this is a 3502
  The interesting part is that we don't seem to have any issues with Ubuntu and Android clients and also an iPad seems to work fine. We are currently running 7.0.240.0, but I also tested with 7.4.103.6 (dev release). The ACS is runnign 5.2 and acknowledges the client fine during reassoc, but for some reason the controller disconnects him.
  There are no strange messages in the Windows event log. Do you have any idea what is causing this? A collegue of mine is facing the same issue at a differen company. TAC seems to be stumped, unfortunatly.

  After some months of playing with TAC we found the issue: It was wrong of TAC to suggest inceasing the EAPOL-Key Timeout. Actually you have to lower this timeout, because it initiates the retransmission of the EAPOL-key request.
  It looks like Win7 changed the behavior somehow (Win XP works fine) and has a more aggressive timeout. Also the first try always fails for some reason still unknown. When the timeout is to large Win 7 diassocs before the controller has a chance to retransmit. I have lowerd the value to 400ms and increased the repeat count which keeps the clients stable again.
  Case is still going on to find out why the first try to reauth fails, something with invalid MIC in M2? My current EAP settings are:
  EAP-Identity-Request Timeout (seconds)........... 5
  EAP-Identity-Request Max Retries................. 3
  EAP Key-Index for Dynamic WEP.................... 0
  EAP Max-Login Ignore Identity Response........... enable
  EAP-Request Timeout (seconds).................... 5
  EAP-Request Max Retries.......................... 3
  EAPOL-Key Timeout (milliseconds)................. 400
  EAPOL-Key Max Retries............................ 4
  EAP-Broadcast Key Interval....................... 3600
  This also got me thinking about the other timeouts and I decreased those as will. Take the EAP-Identity-Request Timout. If you set it to 30 seconds and the first packet ist lost somehow than the client needs to wait 30 seconds for auth, that does not make sense.
  https://supportforums.cisco.com/docs/DOC-12110

• CC5.X Session Timeout?

  Hello,
  In CC5.3, where can I adjust the "session" timeout? By session timeout, I'm referring to how long can I have Compliance Calibrator open in an IE window and leave it idle before CC automatically logs me off? It must, by default, be set for a long period of time because I've had CC windows sit idle for hours+ at a time and come back and CC has not kicked me out. When I leave a CC window open overnight and come back the next day, then I get kicked out. But I can't seem to find this setting anywhere.
  Any help would be greatly appreciated - thanks!
  Jes

  Jes,
  This is a Visual administrator setting. Please log into the visual admin and follow the path shown below:
  Server 0 0_xxxx --> Services -->Configuration Adapter --> webdynpro --> sap.com --> tcwddispwda.
  and Choose the file PropertySheetdefault.
  Now you will see the default expiration time field. You can set the new value here.
  If you don't have access to Visual admin. Please contact your Basis team.
  Hope this helps.
  Naveen

• SharePoint 2010 / 2013 web browser session timeout

  1) What settings govern how long a user is authenticated in SharePoint before they need to enter their credentials again in the browser ?
  2) How to check what these default session timeouts are and how to change them ?
  Thanks,
  Mario

  Thanks Inderjeet and Lakshmanan for the links.
  I did some more research, and here are my findings regarding SharePoint authentication cookies:  (We are using claims with Windows NTLM authentication in SharePoint 2010)
  Per the white paper at
  http://download.microsoft.com/download/9/F/6/9F69FEBA-614B-483F-9CF2-60225D75E81E/persistent-cookies-whitepaper.docx : "SharePoint sites create persistent cookies with a default time-out value of 10 hours for sites that use Windows claims or forms-based
  authentication claims"
  I verified this by running the following PowerShell command:
  Get-SPSecurityTokenServiceConfig | select WindowsTokenLifetime
  which returned 10:00:00 (i.e. 10 hours) and matches the default cookie timeout in the white paper.
  However, in my testing, I found that once I logged in, I was able to access the site without re-entering my credentials even after 10 hours, so I'm not sure what exactly controls the session timeout.
  Also, the white paper mentions that by default SharePoint uses persistent authentication cookies that are saved to disk. However, even after deleting all cookies from my browser, I am still able to access the site without entering credentials. (I only need
  to re-enter credentials once I close the browser and reopen the SharePoint site in the browser again) . The only cookies I see are related to '/_vti_bin/Discovery.asmx' and I don't think that these are the authentication cookies.
  To summarize - my test results were not consistent with the default timeout of 10 hours, and I was unable to find the SharePoint authentication cookie. Interested to hear if anyone has any thoughts on this.
  Thanks,
  Mario

• How to configure a session timeout for DynPro applications?

  Hello,
  1. Where can I configure the session timeout of the DynPro applications?
  2. Can I configure a session timeout per application and how do I do that?

  Hello Heidi,
  I am not familiar with this property:
  1. Where can I configure it?
  2. Does it apply to every application at the portal?
  3. What if I would like to configure just one application?
  By the way, I have noticed that the DynPro application has an expirationTime property. The documentation says this:
  Specifies the lifetime in seconds of a Web application on the server before the Web application is terminated by the server. The value of the DefaultExpirationTime parameter of the system configuration is used as the default value.
  My question is if someone tried to use this property?
  Message was edited by: Roy Cohen

• Session Timeout directly taking to login page

  Hi,
  In our application when session time out happens, it is directly taking to login page, instead of showing the time out error message . We have a CustomExceptionHandler defined in our application. When I debugged, I identified that the following error message
  <StateManagerImpl><restoreView> Could not find saved view state for token -ppfn0o4n8 (*ADF_FACES-30107)*
  comes when user clicks login the second time.
  We want to know how to get the error message first before it goes to the login page? Any configuration we are missing?
  Here is our applications web.xml
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
  </context-param>
  <context-param>
  <param-name>jndiContext</param-name>
  <param-value>inv</param-value>
  </context-param>
  <context-param>
  <param-name>UserEnvironmentName</param-name>
  <param-value>UserEnvironment</param-value>
  </context-param>
  <context-param>
  <param-name>CacheConfigureFile</param-name>
  <param-value>inv-cache.xml</param-value>
  </context-param>
  <context-param>
  <param-name>SecurityRepositoryClass</param-name>
  <param-value>oracle.communications.inventory.api.framework.security.impl.SecurityRepositoryImpl</param-value>
  </context-param>
  <context-param>
  <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
  <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
  <param-value>false</param-value>
  </context-param>
  <context-param>
  <param-name>oracle.adfinternal.view.rich.libraryPartitioning.ENABLED</param-name>
  <param-value>true</param-value>
  </context-param>
  <context-param>
  <param-name>ilog.views.faces.CONTROLLER_PATH</param-name>
  <param-value>/_contr</param-value>
  </context-param>
  <context-param>
  <param-name>ilog.views.faces.CONTENT_LENGTH_ENABLED</param-name>
  <param-value>true</param-value>
  </context-param>
  <context-param>
  <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
  <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
  <param-value>false</param-value>
  </context-param>
  <context-param>
  <param-name>APPLICATION_NAME</param-name>
  <param-value>Unified Inventory Management</param-value>
  </context-param>
  <context-param>
  <param-name>COPYRIGHT_FROM_YEAR</param-name>
  <param-value>2007</param-value>
  </context-param>
  <context-param>
  <param-name>COPYRIGHT_TO_YEAR</param-name>
  <param-value>2011</param-value>
  </context-param>
  <context-param>
  <!-- Maximum memory per request (in bytes) -->
  <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_MEMORY</param-name>
  <!-- Use 500K -->
  <param-value>512000</param-value>
  </context-param>
  <context-param>
  <!-- Maximum disk space per request (in bytes) -->
  <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE</param-name>
  <!-- Use 100M -->
  <param-value>104857600</param-value>
  </context-param>
  <filter>
  <filter-name>trinidad</filter-name>
  <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>trinidad</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <listener>
  <listener-class>oracle.communications.inventory.api.framework.listener.ContextListener</listener-class>
  </listener>
  <listener>
  <listener-class>oracle.communications.inventory.ui.framework.IlogContextListener</listener-class>
  </listener>
  <!-- Cartridge Installer servlet for post re-deploy -->
  <listener>
  <listener-class>
  oracle.communications.inventory.cartridge.deploy.CartridgeInstallerServletContextListener
  </listener-class>
  </listener>
  <persistence-context-ref>
  <persistence-context-ref-name>persistence/EntityManager</persistence-context-ref-name>
  <persistence-unit-name>default</persistence-unit-name>
  </persistence-context-ref>
  <listener>
  <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
  </listener>
  <listener>
  <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
  </listener>
  <servlet>
  <servlet-name>BIGRAPHSERVLET</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>BIGAUGESERVLET</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>MapProxyServlet</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>GatewayServlet</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>media</servlet-name>
  <servlet-class>oracle.communications.inventory.ui.media.servlet.MediaServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>BIGRAPHSERVLET</servlet-name>
  <url-pattern>/servlet/GraphServlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>BIGAUGESERVLET</servlet-name>
  <url-pattern>/servlet/GaugeServlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>MapProxyServlet</servlet-name>
  <url-pattern>/mapproxy/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/bi/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>GatewayServlet</servlet-name>
  <url-pattern>/flashbridge/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>media</servlet-name>
  <url-pattern>/media_image</url-pattern>
  </servlet-mapping>
  <resource-ref>
  <res-ref-name>wm/ruleWorkManager</res-ref-name>
  <res-type>commonj.work.WorkManager</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Unshareable</res-sharing-scope>
  </resource-ref>
  <filter>
  <filter-name>JpsFilter</filter-name>
  <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
  <init-param>
  <param-name>enable.anonymous</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>remove.anonymous.role</param-name>
  <param-value>false</param-value>
  </init-param>
  <init-param>
  <param-name>addAllRoles</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>jaas.mode</param-name>
  <param-value>doasprivileged</param-value>
  </init-param>
  </filter>
  <filter>
  <filter-name>ADFLibraryFilter</filter-name>
  <filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>JpsFilter</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>ADFLibraryFilter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adflibResources</servlet-name>
  <servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/InventoryUIShell</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>Controller</servlet-name>
  <servlet-class>ilog.views.faces.IlvFacesController</servlet-class>
  <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/afr/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adflibResources</servlet-name>
  <url-pattern>/adflib/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Controller</servlet-name>
  <url-pattern>/_contr/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>35</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  <jsp-config>
  <jsp-property-group>
  <url-pattern>*.jsff</url-pattern>
  <is-xml>true</is-xml>
  </jsp-property-group>
  </jsp-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>allPages</web-resource-name>
  <url-pattern>/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Unsecured resources</web-resource-name>
  <url-pattern>/images/</url-pattern>
  <url-pattern>*.png</url-pattern>
  <url-pattern>*.gif</url-pattern>
  <url-pattern>*.jpg</url-pattern>
  <url-pattern>*.jpeg</url-pattern>
  <url-pattern>*.bmp</url-pattern>
  <url-pattern>*.css</url-pattern>
  <url-pattern>*.js</url-pattern>
  <url-pattern>/css/*</url-pattern>
  <url-pattern>/afr/blank.html</url-pattern>
  </web-resource-collection>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/faces/login.jspx</form-login-page>
  <form-error-page>/faces/error.jspx</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>valid-users</role-name>
  </security-role>
  <welcome-file-list>
  <welcome-file>/faces/InventoryUIShell</welcome-file>
  </welcome-file-list>
  </web-app>

  hi
  this can be done using a simple "Servlet Filters" which will check whether the user session is valid or not. so for every connect to the server the filter runs and redirects to the login page if the session has expired. here you can configure your filter to be activated for every URL or a patterns of urls.
  u need servlet2.3 supported server for this.
  hope this helps
  shrini
  I have an business j2ee application run on oc4j. When the session timeout declared on the web.xml expire, i want to redirect automaticaly the user to my login.jsp to force him to reconnect. I try j_security_chek, but i want to restart the business application at the top and not to the page which are request. Somebody know who i can do this mechanism. I try too special tag in jsp, this run very good but i have to repeate this call on every page. I look for an other simply mechanism to that
  Thanks

• How to set session timeout per user

  Hi,
  Ho do I set the session timeout per User in the
  Application.cfm File??
  I tried using
  <cfif SESSION.UID EQ 1>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
  </cfelse>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(1,0,0,0)#">
  </cfif>
  But this didnt work because the cfapplication seems to have
  to be at the top before I call the variable SESSION.UID which
  I set on my login page..
  Someone know how to do this??
  Regards
  Martin

  Martin,
  Your code example cannot work because the "session" scope
  doesn't exist until your application scope is defined. So you have
  to handle this manually. Here's how you can get it done. First,
  define your application to the maximum sessiontimeout you want to
  have.
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
  Then, I don't know how you are doing your login
  authentication but when you have authenticated the user, you need
  to define the userid and the most recent activity in the session.
  Also determine your timeout value based on the userid. See example:
  <CFIF IS_AUTHENTICATED>
  <CFSET session.user.uid = form.userid>
  <CFSET session.user.most_recent_activity = now()>
  <CFIF session.user.id eq 1>
  <CFSET session.user.timeout_mins = 20>
  <CFELSE>
  <CFSET session.user.timeout_mins = 1440>
  </CFIF>
  </CFIF>
  Now, all you have to do is check whether the user has been
  idle for too long and kill the session by purging all session
  variables. For example:
  <!--- if user id is defined, this means user is logged in
  --->
  <CFIF structKeyExists(session, "user") and
  structKeyExists(session.user, "id")>
  <!--- check if timeout has expired --->
  <CFIF datediff("n", session.user.most_recent_activity,
  now()) gt session.user.timeout_mins>
  <!--- timeout has expired, kill the session and log the
  user out --->
  <CFSET StructClear(session)>
  <!--- insert your logout code here --->
  <CFELSE>
  <!--- user hasn't timed out, so reset the most recent
  activity to now --->
  <CFSET session.user.most_recent_activity = now()>
  </CFIF>
  </CFIF>

• Session Timeout

  I am trying to update/get new apps in iTunes for my iPhone.
  Before downloading, I am prompted to accept the new terms & conditions. After clicking accept, I get a timeout message:
  Session Timeout
  Your session has timed out. Please try this operation again from the beginning.
  I have tried this on a MBP at work, my iMac at home, and even directly on my iPhone, each giving the same message - over the course of this afternoon and evening. I have tried restarting, software updates, etc.
  Is there anywhere else I can go to accept these terms and get access to paid downloads again?
  C.

  I had the same problem trying to update my Touch iPod. While I was billed for the $9.95 fee, my connection was interrupted multiple times with the Session Timeout error message. The download does not show in my purchase history and nothing is showing up in 'Available Downloads' in iTunes. How do I either 1) get my money back or 2) get access to the download that I purchased?
  sdalek

• 'Session timeout" appears when creating account

  I am trying to create an iTunes account because I bought an iTunes gift card. Every time I try to create an account in the Music Store, and straight after I have accepted the terms and conditions, a screen comes up saying "Session timeout". I have never even logged in before and no one on my computer ever has. I have downloaded the newest version of iTunes, and done all the relevant connectivity tests etc. What can I do??

  Sorry, figured out my error: on the authentication page for session verify function I had to specify:
  return session_timeout;
  Then it worked as expected. Verified the cookie by creating a pl/sql region to fetch the cookie value and display on the page.

• Session timeout skillbuilders question

  Application security attributes settings
  Session Timeout  Maximum Session Length in Seconds   60
  On session timeout direct to this URL   <url>
  Maximum Session Idle Time in Seconds   45
  On session idle time timeout direct to this URL   <url>
  Session timeout component settings
  Name: SkillBuilders Session Timeout (1.0.1) [Plug-in]
  *Session Timeout Action  Alert
  *Session Timeout Message  Application will timeout shortly
  *Mask Browser Screen on Timeout  No
  *Session Idle Warning  Yes
  *Session Idle Title      Idle message Warning ( I cannot see this displayed but when I copied that area this came)
  *Session Idle Message    This application session will expire shortly! If you want to continue working please click ok on the alert.
  *Show Warning Seconds Before  40
  *Keep Session Alive           Yes
  So the moment I start my application and the login page is displayed i get the idle message displayed on the screen.  So my application should timeout in 1 minute. I should be alerted after 45 seconds.
  Are the settings correct?
    Murali

  Please keep in mind that maximum session length and idle time are two different things. The following configuration should satisfy your requirements
  Configure the following application attributes:
  "Maximum Session Length in Seconds" =  ??? -- you did not specify how long your session can last, if left blank it will revert to the instance level setting which defaults to 8 hours
  "Maximum Session Idle Time in Seconds" = 10800 -- the maximum amount of time the user as to interact with the server again
  Configure plugin settings:
  "Session Timeout Action" = ALERT
  "Session Timeout Message" = <your message>
  "Session Idle Warning" = Yes
  "Session Idle Title" = <your title>
  "Session Idle Message" = <your message>
  "Show Warning Seconds Before" = 900 -- 15 min x 60 seconds
  "Keep Session Alive" = Yes -- this will renew the session if the user interacts with the idle warning
  Please let me know if you have any questions.
  Good Luck!
  Tyson

• Session TimeOut -Email

  Hi All,
  Recently, the last 5 days, everytime I sign in to my verizon email account at work I immediately get an error message that says "Session TimeOut your session has ended please sign in again" I'm running Windows 7 and have tried both IE8 And firefox for browsers and get the same problem.
  Interestingly, when I sign into my verizon email account from my home computer I have no problems. Running Vista and using IE8 at home.
  Any thoughts on the problem would be much appreciated!!

  Either your work connection does not allow cookies to be saved or they have another security measure preventing access. This is not related to your account if you are able to login successfully from home. Please talk further with your works IT group.
  Anthony_VZ
  **If someones post has helped you, please acknowledge their assistance by clicking the red thumbs up button to give them Kudos. If you are the original poster and any response gave you your answer, please mark the post that had the answer as the solution**
  Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or plan

• Session Timeout - Process as a webservice

  Hi ,
  I am using ALBPM v5.7.
  In this we are exposing our process as webservice.
  We are Invoking these webservice methods from portal deployed in BEA Weblogic Server,
  The procedure we are following is , starting the session and then invoking our methods -- method1 and method2.
  But , After invoking method1, In the portal, we are waiting for five minutes and then trying to invoke method2 of BPM using the same session,
  When we do this, It is throwing an exception,
  Invalid Session.
  We observed that if we invoke method2 before five minutes then it is working fine.
  So do we have any session timeout for the BPM Process, when we expose our process as a webservice.
  If so , could you please help me in resolving this issue?
  Thanks & Regards,
  Krishnaveni.

  Just input paramters inside the Begin Activity...
  Right Click on the Process and open Process Web-Service and add a Web-Service to it..
  Then start the engine in Studio..
  And then click on Launch Deployed WebServices Webapp..
  And you would get the endpoint..