Safari storing previous secure session data in plain text.

Similar Messages

• How to load data in plain-text file into database by using EJB?

  Hi,
  We need to develop an on-line application which requires us to load input data
  from a selected plain-text file on the Web server (iplanet server) into the backend
  oracle database. How could I use EJB to make it happen? it seems like using Entity
  EJB is not feasible.
  Really appreciate your help!
  Corona

  Hi Corona,
  "Corona Fang" <[email protected]> wrote in message
  news:3f3b0ea3$[email protected]..
  We need to develop an on-line application which requires us to load inputdata
  from a selected plain-text file on the Web server (iplanet server) intothe backend
  oracle database. How could I use EJB to make it happen? it seems likeusing Entity
  EJB is not feasible.If you are talking about loading thousands of records,
  the preferable way is using plain JDBC calls utilizing
  batch methods.
  Regards,
  Slava Imeshev

• Credentials in plain text

  I have the following code to authenticate to a SharePoint Online instance.Is there an alternative to storing the UserID and Password in plain text in the App.config?
  using (ClientContext clientContext = new ClientContext(spSiteUrl))
  SecureString passWord = new SecureString();
  foreach (char c in spPwd.ToCharArray()) passWord.AppendChar(c);
  clientContext.Credentials = new SharePointOnlineCredentials(spUserId, passWord);
  Web web = clientContext.Web;
  clientContext.Load(web, w => w.Title, w => w.Url);
  clientContext.ExecuteQuery();

  hi Gerard,
  Why don't you use this code ?
  clientContext.AuthenticationMode = ClientAuthenticationMode.Default;or ClientAuthenticationMode.FormsAuthentication //It will open the Microsoft Login Assistant windowSo your app can understand the authentication mode of the currently logged in user and also I would suggest you to look into  User Only policy or app+user policy on the permission.
  By using the you don't want to store,encrypt or decryption the password. Azure AD will take care of your authentication and  your app can manager the authorization.
  If you are creating the any automated task (Connecting Remotely ) using Console Application , then it won't work. You need to provide the User name and password in the console window.
  Murugesa Pandian.| MCPD | MCTS | SharePoint 2010

• RSA1 Error during the retrieval of the logon data stored in secure storage

  Hi Gurus,
  when i go and check Source system the connection is OK, and RFC's from BI to R/3  and R/3 to BI is OK (including Authentication).
  but when i go and check Info provider there one customized object ZDTSYS01 is there when i check and and activate it it is giving error as below.
  All DDIC objects have been activated / deleted
  Post Processing/Checking the Activation for DataStore Object ZDTSYS01
  Creating Export DataSource and dependent Objects
  The creation of the export DataSource failed
  Reading the Metadata of ZDTSYS01 ...
  Creating DataSource 8ZDTSYS01 ...
  Error during the retrieval of the logon data stored in secure storage
  Error during the retrieval of the logon data stored in secure storage
  Error when creating the export DataSource and dependent Objects
  Program ID DC4B105KR4QT1KDW9HD7AXYEO retrieved for DataStore object ZDTSYS01
  Error when activating DataStore Object ZDTSYS01
  Deletion of Unused Dictionary Objects ( 3)
  please help me solve this issue
  Thanks in advance
  venkat

  Hi,
  1). Looks like SM59 Remote user has some issues. Can you check whether the user's are locked ?
  2). You can also correct this is TA STMS. Here you navigate to "System Overview (Shift+F6)".
  On the following screen, you select "Generate RFC DESTINATIONS" which can be found under "Extras".
  3). Please click on source system and restore the BW source system
  Please check the below 2 SAP Notes.
  538052 and 644015.This might solve your problem.
  Thanks,
  Arjun

• Error during the retrieval of the logon data stored in secure storage

  Hi guys,
  Can anyone help us with this webservice Datasource Transport error.We have already done some Webservice datasources before and successfully transported but never had this error before.
  Error during the retrieval of the logon data stored in secure storage.
  Thanks
  Jay.

  Hi,
  maybe the user is not created successfully.
  You can correct this is TA STMS. Here you navigate to "System Overview (Shift+F6)".
  On the following screen, you select "Generate RFC DESTINATIONS" which can be found under "Extras".
  Best,
  Stephan

• Error during the retrieval of the logon data stored in secure storage RSAR0

  Hi Friends,
  during the replication process of a data source I get the error.
  "Error during the retrieval of the logon data stored in secure storage"  RSAR051
  I found note 538052 but this does not help so much.
  Can some one help me with this?
  Thanks in advance
  Rg. Jimbob

  Hi,
  We are getting  the same error when selecting "Customizing Extractors" option in Source System in TCode: RSA1. Please let me know how did u solved the problem.
  Thanks.

• Error reading stored session data

  CF8/IIS6/Win2k3
  getting a ton of these messages:
  04/02 15:00:39 error Error reading stored session data
  (ID=70307b52029b2dd2dadc1f364fe3e4c3463e)
  java.io.StreamCorruptedException: unexpected end of block
  data
  at
  java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351)
  at
  java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1945)
  at
  java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1869)
  at
  java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
  at
  java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  at
  java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
  at java.util.ArrayList.readObject(ArrayList.java:593)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
  Method)
  at
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at
  java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
  at
  java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1846)
  at
  java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
  at
  java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  at
  java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1945)
  at
  java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1869)
  at
  java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
  at
  java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  at
  java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
  at
  coldfusion.runtime.SessionScope.readObject(SessionScope.java:211)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
  Method)
  at
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at
  java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
  at
  java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1846)
  at
  java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
  at
  java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  at
  java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1945)
  at
  java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:480)
  at
  coldfusion.runtime.J2eeSessionScopeStub.readObject(J2eeSessionScopeStub.java:86)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
  Method)
  at
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at
  java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
  at
  java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1846)
  at
  java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
  at
  java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  at
  java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
  at java.util.Hashtable.readObject(Hashtable.java:859)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
  Method)
  at
  sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at
  sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at
  java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974)
  at
  java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1846)
  at
  java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
  at
  java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  at
  java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
  at
  jrun.servlet.session.SessionService.retrieve(SessionService.java:1357)
  at
  jrun.servlet.session.SessionService.retrieve(SessionService.java:1341)
  at
  jrun.servlet.session.SessionService.restoreSession(SessionService.java:1259)
  at
  jrun.servlet.session.SessionService.restoreSessionState(SessionService.java:876)
  at
  jrun.servlet.session.SessionService.setClassLoader(SessionService.java:504)
  at
  jrun.servlet.WebApplicationService.postStart(WebApplicationService.java:300)
  at
  jrun.ea.EnterpriseApplication.start(EnterpriseApplication.java:203)
  at
  jrun.deployment.DeployerService.initModules(DeployerService.java:708)
  at
  jrun.deployment.DeployerService.createWatchedDeployment(DeployerService.java:243)
  at
  jrun.deployment.DeployerService.deploy(DeployerService.java:428)
  at
  jrun.deployment.DeployerService.checkWatchedDirectories(DeployerService.java:179)
  at
  jrun.deployment.DeployerService.run(DeployerService.java:889)
  at
  jrunx.scheduler.SchedulerService.invokeRunnable(SchedulerService.java:230)
  at
  jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
  at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
  Here is the arguments line in my jvm:
  # Arguments to VM
  java.args=-server -Xmx512m -Xms512m -XX:MaxNewSize=24m
  -XX:NewSize=24m -XX:+UseParNewGC -XX:+CMSParallelRemarkEnabled
  -XX:+UseConcMarkSweepGC -Dsun.io.useCanonCaches=false -Xdebug
  -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=2702
  -Dcoldfusion.rootDir={application.home}/

  Beyond this I have not been able to identify or figure out
  what is causing the issue. I did a double check and some of the
  times are outside of our nightly back-up schedule. It looks like
  this issue hasn't happend for me since 27 Aug. I couldn't say why
  though. I'm hoping Adobe has an answer.
  Thx

• Session Data Lost Between JSP's

  Hello,
  I am using Oracle 10g Application Server (9.0.4) on SunOS 5.8. I am trying to upgrade an application previously written for Oracle 9iAS 9.0.2.
  A single JSP (myFile.jsp) is called via a POST operation, and it is initally used to create a frameset that contains two frames. Each frame has a URL link to the same JSP file, with some additional parameters:
  <frameset border="0" rows="*,70">
  <frame NAME="topFrame" SRC="myFile.jsp?PARAMETER1=hello&amp;PARAMETER2=goodbye"/>
  <frame NAME="bottomFrame" SRC="myFile.jsp?PARAMETER1=hello&amp;PARAMETER2=goodbye"/>
  </frameset>
  The problem is that when myFile.jsp is called to generate the actual page for the frames, all the HttpServletRequest data has gone, and only the parameters passed in the Query String remain. I don't want to lose the original POST data - in fact, when I used this on Oracle 9iAS 9.0.2 it preserved the POST data and added the additional queries from the query string so all the parameters were available.
  Has the behaviour of the session manager changed that much between Oracle 9iAS and Oracle 10g 9.0.4? How can I achieve my goal on 9.0.4?
  I tried adding the original POST request to the HttpSession variable as follows:
  session.setAttribute("PARENT_REQUEST",request);
  and then extracting the request data when the JSP is called on subsequent occasions as follows:
  HttpServletRequest newRequest = (HttpServletRequest) session.getAttribute("PARENT_REQUEST");
  But 'newRequest' is actually empty, and it doesn't create an exception. If I debug the session object I notice 2 things:
  1. The session ID remains the same througout all calls of myFile.jsp.
  2. The memory location pointed to by the parameter "PARENT_REQUEST" also remains the same, in the format:
  com.evermind.server.http.AJPHttpServletRequest@1bd5093
  If the session object being passed around by cookies remains consistent, why can I not extract the PARENT_REQUEST attribute from it on subsequent calls to myFile.jsp? Have I misunderstood how HttpSession works? How can I modify my JSP's so that data stored during a session is made available to subsequent calls to myFile.jsp?
  I appreciate any insight you can offer!

  Has the behaviour of the session manager changed that much between Oracle 9iAS and
  Oracle 10g 9.0.4? How can I achieve my goal on 9.0.4?If your experience did suggest something has changed from 9.0.2 to 9.0.4, I would believe that it is more about request management.
  If the session object being passed around by cookies remains consistent, why can I not
  extract the PARENT_REQUEST attribute from it on subsequent calls to myFile.jsp? Have
  I misunderstood how HttpSession works? How can I modify my JSP's so that data stored
  during a session is made available to subsequent calls to myFile.jsp?The "request" in the following code
  session.setAttribute("PARENT_REQUEST", request);
  is just a pointer to the actual request object. Other code, especially the server internal code that manage the http requests and responses can see and manipulate that actual request object. For example, although I am not sure if it is the case, the request objects can be pooled and reused. So it is possible that although "The memory location pointed to by the parameter "PARENT_REQUEST" also remains the same, in the format: com.evermind.server.http.AJPHttpServletRequest@1bd5093", the actual request object at that memory location may have changed. The right way to preserve the original request object is to make a private deep copy of it; however there is no easy way to do that.
  Well, an easy way out is to store directly what you need from the original request. If you would like to store the parameters, try
  session.setAttribute("origParams", request.getParameterMap().clone());
  Although this clone() does a shallow copy, it is probably good enough. To be absolutely sure, you can make a deep copy of everything you need and store them.
  Good luck!

• How do I access session data through an EJB?

  Hi
  How do I access session data through an EJB?
  I am currantly developing a Web service (using ejb's, JBoss.net and Apache Axis). A client making a call to this Web service, is expecting a bussiness-object in return. My problem is that this bussiness-object i stored in a users session data. How do I retrieve this bussiness-object from the users session.
  I have read that this does not work with httpsessions, is this true? If this is true, is it possible to store the bussiness object in a JavaBean e.g:
  <jsp:useBean id="userContextWebImpl" scope="session" class="com.ac.march.client.UserContextWebImpl">
  <%
  String key = "test";
  String value = "This is the value";
  userContextWebImpl.setValue( key, value1 );
  %>
  </jsp:useBean>
  and then retrieve this information through the EJB? Or is it possible to do this by using Statfull JavaBeans? Or can this be done through a nother solution?
  Please help!

  I have created a JavaBean with scope="application" to store some data. The data is stored when a user prefomes a spesific task.
  A different person then makes a call to a Web-Service on the server. The Web-Service then asks an EJB to retrieve the data stored in the JavaBean (servlet cotext). In other words: How do I retrieve this data from the EJB?
  I have tried with this code, but with no luck.
  (ApplicationContextWebImpl is the JavaBean)
  public static String getBookingResult( String key )
       String myResult = null;
       String myKey = key;
       ApplicationContextWebImpl applicationContextWebImpl = null;
       try
            applicationContextWebImpl = new ApplicationContextWebImpl();
            myResult = (String)applicationContextWebImpl.getValue( key );
       catch ( java.rmi.RemoteException e )
       return myResult;
  }

• How to replicate session data at the user level?

  Hi all,
  my client has users who use laptop/tablet computers in the field with wireless connections. The application requires the users to complete long multi-page forms where the data is only submitted to the EIS layer at the end of the process. The connections regularly drop out which understandably is a cause of some grief. In addition, the users want to be able to switch to another machine in order to complete their session.
  The 'switching machine' requirement kills the idea of using persistent cookies and session replication unfortunately. So I am faced with the idea of storing the session data (keyed by user id), in serialized form, either on a stand-alone disk which is accessible by each webserver in the cluster or is the database. The problem with the database idea is the performance hit of traversing the EJB and JDBC layers.
  Can anyone suggest the best practice in this case? Or point to an article or tool that covers the problem?
  BTW, the app serves a small (<50) and stable base of authenticated users so scalability is not really an issue whereas failover is.
  Regards,
  Dave.

  > Is it possible to close a PO at the header level
  Po can be closed at Item level and not Header level. You can set Deletion Indicator and further can be archived thru SARA MM_EKKO
  or a way to deactivate the PO so that no new items can be added?
  You can activate Release strategy and Choose a Proper Release indicatory so that no new changes to be carried out.
  Else go for User Exits

• All of my previous security exceptions disappeared when I upgraded Firefox and I have NO list of what they were; how do I get them back?

  I was pestered to death by Firefox to upgrade to 12.0. I am really sorry I did. I lost all my Security Exceptions. Tools > Options > Security > Exceptions All of my previous security exceptions disappeared when I upgraded Firefox. They are gone and I have NO list of what they were. Is there ant way to bring them back?

  The security exceptions that allow other sites to install software?
  Which version did you have before -- 3.6.x or Firefox 11?
  I don't know whether you regularly back up your computer, but if you have a backup of your Firefox profile folder, then that data should be in there. If you can locate a backup copy of permissions.sqlite, you could use a utility to extract the list. (Or find a volunteer here to assist you with that.)
  By the way, did your pop-up exceptions and image exceptions carry over? You can check those under Tools > Options > Content.

• Do you know where session data store on server?

  hi I have a problem colud you help me? I created a servlet which includes a session and it takes two parameters and write them into html page. Now i want to know how i can see session data .I mean session doesn't create cookie so it doesn't set cookie on client.It must keep data on server. I use tomcat and I couldn't see any file which contain data.

  It is stored in memory. Some servers may serialize the sessions to a file when the server shuts down but the session is mantained in memory when the server is running.
  If you want to track data added to a session you could use the HttpSessionAttributeListener to record when data is put in a session.

• Playing with Session Data in Flex App

  Hi!
  I'm trying to figure something small out.
  1. Users login to (Index.php) and Session information is stored.
  2. When I want to display specific session data, I use the code: $session->username
  Now for the Flex Application
  How do I display that "$session->username" in a label? on that exact page? (Index.php which loads the Flex App)
  Any help is really appreciated.
  Thanks!

  I am going to assume by, "with subnods(sp)" you mean things nested like a tree control in the rows.  The name of this control in Flex is AdvancedDataGrid, with that a simple google reveals:
  http://flexgeek.wordpress.com/2007/06/13/simple-ganttchart-using-advanceddatagrid-of-flex-30-moxie/
  http://flexpearls.blogspot.com/2007/06/advanceddatagrid-summary-roll-up-sample.html
  http://livedocs.adobe.com/labs/flex/3/langref/mx/controls/AdvancedDataGrid.html
  Adobe Labs info with known issue list:
  http://labs.adobe.com/wiki/index.php/Flex_3:Feature_Introductions:_Advanced_DataGrid

• Shared Session Data

  Hello Everyone,
  I have a problem that I could not seem to find a solution or best methods and practices for.
  I have session level data abstracted by a package API and accessed query-inline via a table function. All this works fine; however, there is one caveat that does not. The query SQL is passed to a jobs table and executed by a scheduled job. So the job session can not see the user session data.
  Is there a way to:
  1) Share Session data?
  2) define a table as containing Session temporary data, but public scope?
  3) Group Sessions or grant session privileges (to share scope)?
  4) Run a process/job under a different Session ID, or with specific Session privileges?
  5) Call a procedure or function from one session, but have it Execute under a different session?
  As it stands, I can either copy the data out to a permanent table (and manually implement Session ID, and Session level cleanup), change the current API and underlying global temporary table to a permanent table (and again manually implement Session ID, and Session level cleanup), or before job scheduling parse the SQL, and expand the function table data into the SQL statically.
  None of these are solutions I like. I am looking for something more elegant. Any suggestions would be appreciated.
  *EDIT: sorry, I forgot to add; I'm using Oracle 10g.
  Thank you for your time.
  Edited by: user10921261 on Mar 20, 2009 11:57 AM

  Aequitas wrote:
  I have session level data abstracted by a package API and accessed query-inline via a table function. All this works fine; however, there is one caveat that does not. The query SQL is passed to a jobs table and executed by a scheduled job. So the job session can not see the user session data.Correct. As a job is a brand new session that is created to execute the supplied PL/SQL code. This process does not create the session by inheriting the environment (name space details, temp tables, transactions) of the session that submitted the job.
  Imagine the complexities of this when the session that created the job, terminated 24 hours ago.... would it session state (if kept persistent) still apply? And what about the complexities dealing with the overheads to somehow and somewhere store this session data for the job to re-use.
  Nope.. this is not a workable solution (and nor a sensible one), so Oracle does not support it. When a job is executed, a brand new session is created for that job. (not entirely correct at a technical level as the job queue process may already exist and already have a session - but conceptually, think of a brand new session for a job).
  Is there a way to:
  1) Share Session data?What session data specifically? And what about a session that long since ceased to exist? What about session data that is dynamic and changing? Should then job see the version of that data at the time it was submiited? At the time is started execution? Or the data as it is currently within that session?
  2) define a table as containing Session temporary data, but public scope?Does not need to have a "public scope". It can be managed via an API (PL/SQL), using the job number as unique reference number. It is even possible to create low level access control on such a table that only the job and no-one else can even see the data in that table, except for the job.
  3) Group Sessions or grant session privileges (to share scope)?Nope.
  4) Run a process/job under a different Session ID, or with specific Session privileges?Which session privileges? Remember that each session has two basic memory areas - the PGA (Process Global Area) and UGA (User Global Area). Both are private and non-sharable.
  5) Call a procedure or function from one session, but have it Execute under a different session?Nope.
  As it stands, I can either copy the data out to a permanent table (and manually implement Session ID, and Session level cleanup), change the current API and underlying global temporary table to a permanent table (and again manually implement Session ID, and Session level cleanup), or before job scheduling parse the SQL, and expand the function table data into the SQL statically.Still not sure what you imply with session data.
  In my case I have a process API (running on top of DBMS_JOB ) that developers use to schedule jobs (it manages external processes, mostly used for collecting data from other non-db servers). In some cases, the caller is a Virtual Private Database (VPDB) session - with a name space that contains the keys and tokens and what not that is required for access control and security. The name space cannot be copied across to the job.
  So as part of the process API that creates the job, a logon/authentication/authorisation call is added. With the calling session username. This is the same call that would have been made when the user session was created at logon time. And this call creates the name space that contains the keys and tokens required. Thus creating that batch (job) session in the background, uses the same initialisation processing that an interactive session (created from the app server) would use. The code running in that job is oblivious to the fact that the session was not created via an interactive logon from the app server.
  None of these are solutions I like. I am looking for something more elegant. Any suggestions would be appreciated.If you truly want an IPC mechanism between two sessions in Oracle, two methods come to mind. Database pipes. Advance Queuing.
  This is not really that complex to implement. IPC itself is not difficult. The difficult part is designing the code around cross-session communication and have that work effectively and efficiently. And within the database session context, this can be not only quite difficult to do, but also not always the very sensible thing to do.

• Retrieving session data for user (HOW ?)

  I have written an ecommerce site which uses HttpSession objects for storing data (ie users shopping cart). The touble I have is that when the user clicks pay, there request goes to a different server and if valid that server does a callback to my server.
  PROBLEM - When I receive the request for the call back I have lost the session data. I am able to pass hidden form params in the callback request, so I can send the session id.
  QUESTION - AM I able to retrieve a session with the stored ID. I did try appending jsessionid=<sessionID> into the call back URL but it still created a new session.
  Thanks
  Justin

  How about this
  1) Implement HttpSessionListener interface and hold your own list of sessions in Hashtable
  2) Send session id to request and get it back with from callback
  3) Search in your Hashtable your lost session.
  4) Enjoy
  Pavel
  P.S. The way you're trying is hacky... I mean session id sometimes handled in parameters (as you have tried to hack) or in cookies.