Session expired, log out.

Similar Messages

• How to prevent Spaces from creating a new session after logging out

  Hi,
  I'm using WebCenter Spaces (11.1.1.4), and I notice that the user is redirected to the landing page after logging out which causes a new HTTP session to be created. I'd like to avoid this behavior, and I was told that this could be done by creating a custom logout page with pure HTML and redirect the user there upon logout. How do I go about doing this? I couldn't find anything related to this in the documentation.
  Thanks,
  Robert

  What's wrong with a new session?
  When you logout, the current session will be destroyed so it's just normal that he creates a new webcenter that does not contain a user credential.

• I'm able to open my roadrunner mail @ internet explorer, but this browser keeps showing, session expired log in and I get the message again

  I have roadrunner e-mail as a tab on my homepage. At one time I was asked, do you want to save user name and password, I responded yes. Every time I wanted to access my e-mail Your session has expired. Please log in again would come up and I would follow the instructions and could access my e-mail. Today I'm unable to access my e-mail here, but can open it at internet explorer. I even tried my wife's e-mail, which her info isn't saved and it goes back to my log in screen.

  Are you clearing cookies when you exit Firefox? Check the setup in Options > Privacy > "Clear history when Firefox closes" > Settings to make sure that "Cookies" is not checked. If you use the "Clear Recent History" item in the History menu, make sure that Cookies is not checked there as well.

• Why does FF open old website windows from my last on line session, when i start a brand new session after logging out?

  1) I went on firefox (ff) this morning and visited a few web sites
  2) I logged off (ff) and quit using the I-net
  3) later in the morning I logged back on to the I-net using (ff) and it opened the last web site I was looking at in my previous session instead of the regular "home page" I usually get when I open (ff).
  4) it is as if (ff) is making the last web site I visited from a prior session, my new home page each subsequent time I log on to the I-net.

  Make sure that Firefox is closed properly to avoid opening a possibly crashed session the next time.
  Use "Firefox/File > Exit" (Mac: "Firefox > Quit"; Linux: "File > Quit") to close Firefox if you are currently doing that by clicking the close X on the title bar.
  See "Hang at exit":
  *http://kb.mozillazine.org/Firefox_hangs
  See "Firefox hangs when you quit it":
  *https://support.mozilla.org/kb/Firefox+hangs

• Logged Out session can be accessed again After logout (DAD authentication)

  Hello,
  Please find the details of my problem below:
  SCENERIO:
  Current Authentication: No Authentication (USING DAD)
  Authorization: MYAUTH
  Frequency: Once Per Session
  declare
  lv_retval boolean;
  lv_srec pkg_myutil.r_sessionrectype;
  begin
  begin
  -- This is NOT Apex Session. I am checking the entry in a table to make sure user is logged in
  -- and the link is not opened directly. In short making sure user opened the Apex link from the
  -- Oracle Forms application.
  lv_srec :=pkg_myutil.get_session_info(:P1_SID);
  if lv_srec.valid_session then
  lv_retval := TRUE;
  else
  lv_retval := FALSE;
  end if;
  exception
  when others then
  lv_retval := FALSE;
  end;
  return lv_retval;
  end;
  The Application Security property Authorization is set to : MYAUTH
  Logout Navigation Bar Entries-URL TARGET: http://myapp.mycompany.com/pls/apex/apex_custom_auth.logout?p_this_app=105&p_next_url=http://mycompany.com
  ( I cannot put this in the Authentication Logout URL as using -DATABASE- as sentry function (DAD authentication) gives me error: No functional attributes may be set when page sentry function is '-DATABASE-'.))
  so i directly modified the navigation bar entry
  Now I open the apex link from my forms application, and it Works fine. For example
  http://myapp.mycompany.com/pls/QRYONLYDAD/f?p=105:1:2524984933940261::NO::P1_SID:0137099300:
  The authorization function takes the P1_SID value and checks in database,finds the entry so returns TRUE to display the page 1 which i call Menu page.
  If I click logout, it works and takes me to the Mycompany home page.
  My question:
  If save that link and try to access it again AFTER LOGOUT, it still displays the page. Although the session is logged out, how come it still allows to access the page? The authorization function also doesn't fire which would have prevented it atleast. How APEX knows it still a valid session even after logout happens?
  I can see that Since there is DAD authentication, the login happens automatically........ but I cannot change that method. What other option do i have?
  Please help.
  Jay

  1.) Code for the function:
  Basically we are using a private DBMS_PIPE to pass a randomly generated string and read that pipe from Apex using get_session_info. Nothing to do with Apex Session. We just want to make sure the user opened the Apex link from the application.
  function get_session_info (p_session_id varchar2) return pkg_myutil.r_sessionrectype is
  rv_sessionrec eft.pkg_myutil.r_sessionrectype;
  lv_status NUMBER;
  lv_app_id varchar2(20);
  lv_EMPID VARCHAR2(20);
  lv_timeout BINARY_INTEGER := 0; --A timeout of 0 allows you to read without blocking. otherwise the pipe will keep waiting and our purpose won't be solved
  lv_rmstatus number;
  begin
  begin
  -- Valid Session theme: If the pipe doesnot exist means the url is not requested from inside the Forms application.
  lv_status := DBMS_PIPE.RECEIVE_MESSAGE(p_session_id,lv_timeout);
  IF lv_status <> 0 THEN
  raise_application_error(-20003,'Error while receiving.Status = ' || lv_status);
  END IF;
  DBMS_PIPE.UNPACK_MESSAGE(lv_app_id);
  DBMS_PIPE.UNPACK_MESSAGE(lv_EMPID);
  if lv_EMPID is null then
  raise_application_error(-20004,'User EMPID is null in the session info.');
  end if;
  -- construct return record
  rv_sessionrec.session_id:=p_session_id;
  rv_sessionrec.valid_session :=TRUE;
  -- remove pipe
  lv_rmstatus:=DBMS_PIPE.REMOVE_PIPE(p_session_id);
  if lv_rmstatus <> 0 then
  null; -- think what to do
  end if;
  exception
  when others then
  rv_sessionrec.session_id:=p_session_id;
  rv_sessionrec.valid_session :=FALSE;
  end;
  return rv_sessionrec;
  end get_session_info;
  2.) I guess you are right. But doesn't Apex use the Userid and password hardcoded in the DAD? because it displays the username in DAD on the page footer. But It will authenticate everytime. So I want to put another layer so that my pipe verification code executes everytime which can decide whether to show the page or redirect to a error page.
  If i put in a On-Load Before Header Process on Page 1 with the pl/sql code, is there a way there to redirect to different page? I couldn't think of a way to do it. Then i can remove the code from authorization scheme and add to the On-Load process?
  Does this help any?
  Thanks for your prompt response.
  Thanks,
  Jay

• User1 logs out, JSESSIONID not deleted, User2 logs in and gets User1s Data

  We've searched the web for the better part of a year now to try to solve this, and are hoping someone somewhere has figured it out. We have SiteMinder in front of our Tomcat6, JBoss6 and 7, and WebLogic 10 servers. Trouble happens when a user logs into an application that generates a JSESSIONID in a location other than / in the browser, i.e. /foo/JSESSIONID<value>. When the user logs out, if the JSESSIONID cookie isn't located at /, it doesn't get removed. The next user comes along, authenticates to SiteMinder, goes into the same application, and since the JSESSIONID cookie still remains from the previous user, the second user sees the first user's data, which may be personal SAP data, Siebel, PeopleSoft, etc.
  We have hundreds of developers; getting them to all store their JSESSIONID cookies in / (with some unique name either at the front or end of their application's JSESSIONID cookie) would be an arduous undertaking; enforcing it going forward would be even more difficult.
  I've read countless posts across the Internet where other people have had this problem, but no good or usable solutions yet. "Tell the user to close the browser" isn't an option because we can't force them to do so (even though it's in their best interested to do so). The location of JSESSIONID will usually be unknown, and as far as I know, cannot be obtained from the browser, for security reasons. Each developer has the ability to store the cookie in any path the choose. (It's my understanding that they started using different paths because at one time it wasn't possible to rename the JSESSIONID (if it even is now), and having multiple applications storing JSESSIONID at / would cause the second one to cancel out the first one, the third one to cancel out the second one, etc, so a user could use only a single application at a time.
  I hope I'm explaining this well enough, and that someone, somewhere, has come up with a solution to this.
  Much oblige!
  Sam

  My apologies about the ambiguity.
  Without being able to make a picture or drawing it's not so easy, but here's the steps that happen:
  In this example I'll use an app called FOO that User1 and User2 need to login to.
  User1 goes to our intranet and attempts to access FOO.
  User1's request is intercepted by SiteMinder.
  User1 authenticates to SiteMinder, at which time an SMSESSION cookie is created in the browser.
  If User1 is authorized to use FOO, he's then forwarded onto the FOO login.
  User1 authenticates to FOO, at which time a JSESSIONID cookie is created in the browser, but not at / (root). It may be created in /FOO/JSESSIONID<value>, or it may be elsewhere.
  User1 finishes his FOO session and logs out. The logout.shtml page terminates the SMESSION (SiteMinder) session for User1. However, it's can't remove the JSESSIONID cookie because it's not in / (root) in the browser. User1 logs out, but does not close the browser.
  User2 comes along behind User1, and wants to use the FOO application, using the same PC as User1.
  User2 attempts to launch FOO. SiteMinder intercepts the call and wants User2 to first authenticate to SiteMinder, which he does. SiteMinder generates an SMSESSION cookie for User2.
  User2 now attempts to login to FOO. But because the JSESSIONID cookie is still there (leftover from User1's session because it couldn't be removed), User2 is taken directly into User1's FOO information.
  This is much easier to view conceptually with a drawing, however hopefully this will explain the process a bit better. Thank you for your reply and effort to help with this. I'm very grateful.
  Sam

• HT1918 I'm having some issues trying to change my account billing---I have a new debit card and i need to punch in the new number but when i go to edit my info itunes says my 'session has timed out.' i've logged in and out more than once. what's the probl

  i'm having some issues trying to change my account billing---I have a new debit card and i need to punch in the new number but when i go to edit my info itunes says my 'session has timed out.' i've logged in and out more than once. what's the problem?

  Try to change the credit information from your iphone or other ios device. Tap on settings > store > tap Apple ID > tap view account > tap payment information > change

• Hi, I cant login to the facebook app on my iphone 5 ios 6.0.2.  I keep getting an error message saying 'There was an error logging in using single sign on' when im asked to log in again i get a 'session expired' message.  This only started happening yeste

  Hi, I cant login to the facebook app on my iphone 5 ios 6.0.2.  I keep getting an error message saying 'There was an error logging in using single sign on' when im asked to log in again i get a 'session expired' message.  This only started happening yesterday. Anyone else having this problem? Thanks.

  I am having the same problem and took the following steps to mitigate it to no avail.
  1. I deleted the Facebook app on the phone and turned off Facebook in the iPhone's system-wide settings.
  2. I re-enabled Facebook in the iPhone's system-wide settings and reinstalled the Facebook app and logged in again. It worked. For about an hour.
  3. I completely restored the phone to a previous backup (before the problems started) and reenabled Facebook .... reinstalled the app.... and now it works intermittenly. But it hasn't worked in about 12 hours now (just tried a few minutes ago).
  Please advise.

• Clearing Session and/or App variables with Log-out Page?

  Greetings
  I have 3 distinct user types for my app- admins, appraisers and clients.
  All have their own directories and each directory has it's own Application.cfm:
  1) <cfapplication name="appraiseri"
  applicationtimeout="#CreateTimeSpan(0,2,0,0)#"
  clientmanagement="Yes"
  sessionmanagement="Yes"
  sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
  SetClientCookies="Yes">
  2) <cfapplication name="appraiserview" ......
  3) <cfapplication name="clientview" .......
  Each have their own login which simply uses their ID in the DB as the session variable.
  login_do.cfm:
  1) Appraisers: <CFIF auth_direct_appraiser.RecordCount NEQ 0 >
  <cfset Session.appraiser_user_id =auth_direct_appraiser.appraiser_ID>
  <cfset Session.appraiser_fname =auth_direct_appraiser.appraiser_fname>
  <cfset Session.appraiser_lname =auth_direct_appraiser.appraiser_lname>
  2) Admins: <cfset Session.user_id =auth_direct.staff_ID> ......
  3) Clients: <cfset Session.processor_user_id =auth_direct_processor.processor_ID>
  I have had a session persisting for a week now- I have no idea how to get rid of it, and if one simply hits the "login" submit button with no UN or PW, it runs a query on a client (the same one) ?
  My logout page is not working at all- if the code were correct, it would clear any session variable? I have not really set an app variable (except timeout) so no need to clear that?
  Here is the code:
  <CFLOCK SCOPE="Session" TYPE="Exclusive" TIMEOUT="60">
      <CFLOOP COLLECTION="#Session#" ITEM="Key">
          <CFIF NOT ListFindNoCase('IveSeenIT', Key)>
              <CFSET StructDelete(Session, Key)>
          </CFIF>
      </CFLOOP>
  </CFLOCK>
  <SCRIPT LANGUAGE="JavaScript">
      alert("You have been logged out from the XXXXX Intranet")
      location.href='login.cfm';
  </SCRIPT>
  Any help would be appreciated- this is leaving a huge security gap in the app right now.
  Thanks

  It in unnecessary to delete session keys to invalidate them. With proper coding they should be invalidated once the session times out.
  Sessiontimeout values are usually around half an hour and applicationtimeout values are usually of the order of 1 day. Also, one way to relate session to login is to use the loginStorage attribute. If you have no need for client management, switch it off.
  Hence, for example,
  <cfapplication name="appraiseri"
  applicationtimeout="#CreateTimeSpan(1,0,0,0)#"
  clientmanagement="no"
  sessionmanagement="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,30,0)#"
  SetClientCookies="Yes"
  loginStorage="session">
  I am assuming that, for login and logout pages, you will - ignoring the details - have something like
  Login:
  <cflogin>
          <cfloginuser name = "some_name" password = "some_password"   roles = "appraiser"/>
  </cflogin>
  Logout:
  <cflogout>

• What gives? I uncheck "Reopen windows when logging out" and it still goes back to the prev. sessions windows.  Is there a fix for this?

  What gives? I uncheck "Reopen windows when logging out" and it still goes back to the prev. sessions windows.  Is there a fix for this?

  I unchecked " Restore windows when quitting and re-opening apps."  in the prefs. and still it goes back to the prev windows sessions when  I uncheck "Reopen windows when logging out"

• Multiple session are open thought Users log out.

  Hello Gurus,
  I do see at CMC that many sessions are being open for many days even though users are logged out.
  We are using SAP 4.0 (14.0.4)  SP4. It's causing license issues and users are not able to log in.
  We have restarted our VM's and clear the IE browsers as well but issue still remains.
  Can you please help me on this.
  Best Regards,
  Sai

  Hi Sai,
  Could you give more information about BOE products you use and for which datasource type (UNV, UNX ?).
  I know SP04 still had different issues where multiple sessions were created when working on UNX Universes (see https://support.wdf.sap.corp/sap/support/notes/1764372), and it could lead to "lost sessions". There are other similar problems fixed in more recent versions of BOE, so you may think about upgrading your platform at some point to benefit from all these corrections.
  Regards,
  Loic

• Force end of session when user closes window without logging out

  I want to protect sensitive employee data. Does anyone know how to force a user's portal session to be terminated after a user closes a window with the "X" instead of logging out?

  Web application is connectionless. So there is no way to tell if a user has disconnected. If the user diligently logout, then invalidating a session is no problem. However, if you wish to invalidate the user upon closing of window, I suggest you drop that idea and change to different approach.
  1. If you are trying to impose single logon policy, you may consider invalidate an existing session if the same user login again.
  2. If you really need to invalidate a user session as soon as he is inactive (or closes window). I suggest you set a very small timeout interval (maybe 3 minutes). Then for all the pages, implement a simple invisible IFRAME that will keep refreshing itself (say every 2 minutes) on a dummy JSP/servlet URL. The fact that this IFRAME always hit the URL at 2 mins interval will keep the user session valid. Once the browser window is closed, the session will be invalidated in max 3 mins time.
  The final suggestion is to drop that idea altogether, the point is ... implement such feature is like twisting web application to do something that it is not design to do naturally.

• Vpdn: searching for snmp oid to log out vpdn session

  Hello colleagues,
  Cisco 7204 works as vpdn server.
  There are two problems:
  1) I'm searching for snmp oid to log out , terminate vpdn session
  2) radius server does not receives snmp statistics of incoming traffic of vpdn users.
  Please is anyone able to assist me?
  aaa new-model
  aaa authentication login default local
  aaa authentication ppp default group radius local
  aaa authentication ppp VPDN local group radius
  aaa authorization network default local group radius
  aaa accounting delay-start
  aaa accounting update periodic 3
  aaa accounting exec default start-stop group radius
  aaa accounting network default start-stop group radius
  aaa session-id common
  vpdn enable
  vpdn-group 1
  ! Default PPTP VPDN group
  description HOMENET
  accept-dialin
  protocol pptp
  virtual-template 3
  interface Virtual-Template3
  ip unnumbered Loopback1
  peer default ip address pool vpdn-pool
  no keepalive
  ppp authentication chap VPDN
  snmp-server community xxxxxxx RW
  snmp-server chassis-id 0x0E
  snmp-server enable traps tty
  radius-server host x.x.x.x auth-port 1812 acct-port 1813
  radius-server timeout 60
  radius-server key 7
  radius-server authorization permit missing Service-Type
  Best regards, Petr Akimov

  Hello –
  I received a reply from the developer of the script, and listed below is the new code that was suggested:
  #!/bin/bash
  value=`snmpwalk $1 -v1 -c $2 .1.3.6.1.2.1.25.1.5.0 | cut -d " " -f4`
  if [[ value -gt  $3 ]]
  then
  echo " $value Users Online, Critical!"
  retval=2;
  else
       if [[ $value -gt $4 ]]
             then
             echo " $value users online, Warning!"
             retval=1;
             else
             echo " $value Users online, fine."
             retval=0;
             fi
  fi
  exit $retval;
  I checked the server in question, and there were two, 2, user logins active on the system. I ran the snmpwalk command, and the output was the following:
  HOST-RESOURCES-MIB::hrSystemNumUsers.0 = Gauge32: 15
  I then modified the script to include the above text, and ran it again. The output was the following:
  15 users on line, Normal.
  For some reason, the value of 12 appears to be that for no users logged into the system. I am not sure why that is the case.
  If nothing else, progress has been made with the modification of the script.  The snmp service that I have installed on the server is that which came bundled as a
  feature with the server. The only thing that was not installed was the SNMP WMI Provider option.

• Enhancement while user log out of the session

  Hi
           We are connecting to the external system through web services and query it  to get the data. We will call this connection to external system from most of the important transactions. Our problem is, once the user connects to the external system, he has to stay connected tilll the user log out i.e. user has to disconnect while he log out. I am using shared objects and creating instance while user connects. But no clue where to clear this instance and close the connectivity. So, my question is there any BADI, Userexit or enhancement triggers while user log out or any other way to implement . Please advise
  Regards
  Shailaja.

  HI Sailaja  ,
  You can  check that  by Creating One RFC   by passing parameter   when you are connecting to external system  and also  when you are logging out of the external system  , one flag can be paased to RFC  when he logs out and  can close the session accordingly  .
  Regards
  Deepak.

• [svn:fx-trunk] 21141: Bug: 2780176 - Logging and logging out multiple times in LCDS can cause duplicate session detected errors .

  Revision: 21141
  Revision: 21141
  Author:   [email protected]
  Date:     2011-04-26 06:40:39 -0700 (Tue, 26 Apr 2011)
  Log Message:
  Bug: 2780176 - Logging and logging out multiple times in LCDS can cause duplicate session detected errors.
  QA: Yes
  Doc: No
  Checkintests: Pass
  Details: When a logout was followed by an immediate login, sometimes the server would throw duplicate session detected errors. This was because when logout happened, a fire-and-forget disconnect message was sent to the server that established a new session, and if the subsequent login happened before disconnect ACK returned from the server, that would establish another session and hence the error. The fix is to insert a slight delay between disconnect and ResultEvent dispatching. This way, disconnect has a chance to return before a login is performed.
  Modified Paths:
      flex/sdk/trunk/frameworks/projects/rpc/src/mx/messaging/ChannelSet.as

  You've got an  incompatible Logitech driver and java was incompletely uninstalled.
  You may have a problem with the Wacom driver.
  I don't know if fixing those things will help.
  There also a few window server errors, but I don't know if they are causal.
  If you can note the time of the hangs, that might help narrow it down in the logs.