Session Expired nested application inside af:inlineFrame weblogic cluster

Similar Messages

• Not able to clear session of web application running inside wpf browser control

  Hi,
  I have used below code to clear session of web application running inside wpf browser control .   
  [DllImport("wininet.dll", SetLastError = true)]
     private static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int lpdwBufferLength);
   InternetSetOption(IntPtr.Zero, INTERNET_OPTION_END_BROWSER_SESSION, IntPtr.Zero, 0);
  This code is working in Windows 8 but it is not working in windows 7 and windows 8.1.
  I want to know why it is not working and how to make it work in windows 7 and windows 8.1
  Please help.
  Thanks & Regards,
  Pritesh

  Hi,
  I have used below code to clear session of web application running inside wpf browser control .   
  [DllImport("wininet.dll", SetLastError = true)]
     private static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int lpdwBufferLength);
  InternetSetOption(IntPtr.Zero, INTERNET_OPTION_END_BROWSER_SESSION, IntPtr.Zero, 0);
  This code is working in Windows 8 but it is not working in windows 7 and windows 8.1.
  I want to know why it is not working and how to make it work in windows 7 and windows 8.1
  Please help.
  Thanks & Regards,
  Pritesh

• Session expired application Webdynpro java

  HI:
  I am developing an application in WebDynpro Java (J2EE Engine 7.0), which does not run in the portal but is simply displayed on the WAS server.
  The problem is I need to catch the exception from the code to not get the error 500: session expired.
  I can not change the session time from the properties of the application because it is a customer requirement with 15 minutes session expires.
  How I can resolve this?
  Thanks and best regards.
  Maria Elena

  HI:
  I've been reading the note and I have a question.
  To change the error page, it is in the web.xml, for example:
  <error-page>
  <error-code>500</error-code>
  <location>/customerrors/500.jsp</location>
  </error-page>
  With this code if I have a 500 error, will launch the jsp (500.jsp).
  my question is: where I have the web.xml?
  Do I have to develop a J2EE aplicaion or is directly in my WebDynpro application or is on the server?
  Thanks and best regards

• Session expired (timeout) without ADF Security using.

  Hello!
  I have a problem with my application in which i use own security realization without ADF Security using. I realized custom implementation of javax.servlet.http.HttpSessionListener interface, in which i log session creation and expiration events. On WebLogic I realized customDBMS authentification class. Session timeout defined in web.xml (<session-timeout>5</session-timeout>), in weblogic.xml session timeout not define.
  Problem description: when session expired (popup warning displayed before this) and press OK button in popup with session expired warning, I see what no any log about session destroying from my HttpSessionListener implementation, so I cant understand, what session expired and process this event in my servlet filter. So I stay at same page (but without data in tables, coz binding variables in VO queries is not defined). If I am not click OK in the popup and wait about minute, then appear a log message about the destroying the session from my HttpSessionListener implementation. Why is the delay between the appearance of warning session expired and the actual destroying of the session in WebLogic?
  I use JDeveloper 11.1.1.6.0, application deployed in integrated WebLogic 10.3.5.0

  Hi,
  Why is the delay between the appearance of warning session expired and the actual destroying of the session in WebLogic?Because warning is given about 2-3 min before session expire
  That is why
  If I am not click OK in the popup and wait about minute, then appear a log message about the destroying the session from my HttpSessionListener implementation.

• Session Expired Error in Oracle Vision Demo due to absence of a cookie !!

  Hi Folks,
  I kept getting the session expired error in Vision Demo even after I had supplied the right user id/password combos. So I set up a on-logon trigger in the APPS schema and it turns out that the Front End JSP page calls the ICX_SEC package.
  Herein it refers to the function valiadateSession inside this package. I did some digging around and it turns out that inside this function using the OWA_COOKIE utility the function tries to get the details of a cookie called 'WF_SESSION' and passes this to the Front End.
  And this is where it is failing. I checked to see and the return from the OWA_COOKIE.GET('WF_SESSION') does return a value of NUM_VALS=0. So the problem remains that the intial JSP page is unable to either set the cookie or I am reading this all wrong.
  Plan to dig deep into this. Meanwhile if anyone has faced this error any helpful tips would be deeply appreciated.
  PS: I am new to Oracle Apps and have to learn it in a hurry :(( Sad part is am unable to even get into the Application as of now :P I have installed and am using 11i.8 (11.5.8).
  cheers
  ~
  kaushik

  Check your browser settings for accepting cookies from this domain, you must have tried this by now clearing all your browser cache and cookies.
  try solutions beacon site where they have Oracle Apps Demo Instances for Public
  http://www.solutionbeacon.com/tools_vision.htm

• Is Weblogic Cluster  supports Application scope Objects?

            Our Application is mainly depends on Application scope objects. On one m/c, it
            is perfect.
            Now, we want to support the failover , load balancing ... (High Availability).
            I know, weblogic cluster supports HttpSessions, EjbObjects ... etc. What about
            Application scope objects.
            we are planning for weblogic server which supports the our requirements.
            If not, what is the solution to make it work by using Weblogic server.
            for eg: I can give what type of application we are developing --- similar to
            textchat.
            our application is real time application.
            

  Even a singleton is not good enough as singletons are good only in the VM they were
            created it. One way is to have a distributed object such as a stateful session bean of
            which only one instance exists. U can create it at startup and store its handle in
            some persistent storage as well as a singleton. This ensures that even if the
            singleton doesnt contain it the refgerence to it can be obtained.
            There will be some problems with this setup as people should not allow it to create
            instances of it . Any such endeavor will lead to a CacheFullException.
            But essentially that seems possible.
            Even the 2.3 Servlet specification mandates that ServletContext and Application level
            object is only valid inside the JVM which created it. HttpSessions are replicated
            SessionContexts are not and are not likely to be in any J2EE application server
            Sameer
            Devi wrote:
            > One more comment from my side,
            > U mentioned "EXCEPT FOR JNDI" , if this is possible, how can we acheive?
            > Can U give brief description ? Take textchat example itself? since, our application
            > is almost have same mechanism. If it is < 1 sec delay means acceptable for this
            > release.
            >
            > Thanks,
            > Devi
            >
            > "Cameron Purdy" <[email protected]> wrote:
            > >Weblogic doesn't support replicated / synchronized app scope objects
            > >across
            > >a cluster except for JNDI, which is probably not a good solution for
            > >what
            > >you are describing.
            > >
            > >If you need a real-time shared fault-tolerant fail-overable high-performance
            > >load-balanced high-scale data store, then let me know when you find one
            > >;-)
            > >.... seriously, there are not a whole lot of good general purpose solutions
            > >in this space. There are some things to look at but they are all expensive:
            > >
            > >Persistent PowerTier on top of Oracle - a caching entity EJB server
            > >Jasmine (or whatever it is called this week) - an object oriented
            > >distributed data store
            > >....
            > >
            > >Peace,
            > >
            > >--
            > >Cameron Purdy
            > >Tangosol Inc.
            > ><< Tangosol Server: How Weblogic applications are customized >>
            > ><< Download now from http://www.tangosol.com/download.jsp >>
            > >
            > >
            > >"Devi" <[email protected]> wrote in message
            > >news:[email protected]...
            > >>
            > >> Our Application is mainly depends on Application scope objects. On
            > >one
            > >m/c, it
            > >> is perfect.
            > >> Now, we want to support the failover , load balancing ... (High
            > >Availability).
            > >>
            > >> I know, weblogic cluster supports HttpSessions, EjbObjects ... etc.
            > > What
            > >about
            > >> Application scope objects.
            > >> we are planning for weblogic server which supports the our requirements.
            > >>
            > >> If not, what is the solution to make it work by using Weblogic server.
            > >> for eg: I can give what type of application we are developing ---
            > >similar to
            > >> textchat.
            > >> our application is real time application.
            > >>
            > >
            > >
            

• Redirect to main jsp when the session expires

  Hi,
  I have a jsp say mainframe.jsp in which I have two frames each having a jsp page say child1.jsp and child2.jsp.
  When the session expires and I when i try do any changes in child2.jsp or child1.jsp, the page redirects to login page and when I login successfully, I am getting redirected to child2.jsp or child1.jsp respectively. But I want it to be redirected to mainframe.jsp.
  Any help is greatly appriciated.
  Thanks in advance.
  Vinod

  I think I am not clear.
  When I try to login after session expiry, I am redirected to child jsp.
  But what I want is that I should be redirected to mainfram.jsp page.
  url in the address shows : ../mainframe.jsp?ID=******
  When my seesion is expired and I try do some manipulation in child1.jsp (which is inside a frame of my mainframe.jsp). it is redirected to login page and from there to child1.jsp instead of mainframe.jsp
  Now the address url shows : ../child1.jsp?ID=********* because of which I am not able to see child2.jsp along with child1.jsp
  What I want : ../mainframe.jsp?ID=********
  this is the code I am using !!
  String destPage = request.getRequestURI();
  response.sendRedirect("../redirect.jsp?dest=" + URLEncoder.encode(destPage));

• ISE 1.2 Guest Access session expired

  We have set up the ISEs to allow wired guest users to logon with CWA but every time we get
  "Your session has expired. Sign on again".
  We successfully get to the portal and can logon, change password, accept conditions but then we just get the session expired page.
  From the switch (some data redacted fro privacy):
  sw01#sh auth ses int f0/1
              Interface:  FastEthernet0/1
            MAC Address:  0021.xxda.xx28
             IP Address:  xxx.xx.40.45
              User-Name:  00-21-xx-DA-xx-28
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-domain
       Oper control dir:  both
          Authorized By:  Authentication Server
            Vlan Policy:  901
                ACS ACL:  xACSACLx-IP_GuestWired_ISE_Portal_Access-53182da8
       URL Redirect ACL:  dot1x_WEBAUTH-REDIRECT
           URL Redirect:  https://guest.ourdomain.com:8443/guestportal/gateway?sessionId=AC1262FB000000FA0FCEFDB8&portal=TT_GuestPortal&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC1262FB000000FA0FCEFDB8
        Acct Session ID:  0x000001CF
                 Handle:  0x370000FB
  Runnable methods list:
         Method   State
         dot1x    Failed over
         mab      Authc Success
  The ISE reports a failed login
  Event
  5418 Guest Authentication Failed
  Failure Reason
  86017
  Now the reason appears to be that the guest portal being accesed is on an ISE in our DMZ but the RADIUS/MAB authentication is done by our internal ISEs (all ISEs are part of the same cluster however).  This is because the NAD is a switch and its management interface is on the inside of the network while  the guest VLAN is in a DMZ.  If we authenticate the RADIUS and guest on the same ISE (by breaking routing/security) then the access is granted and it all works corrcetly.
  We are summarising that the session ID sent by the RADIUS ISE server is not avaialble to the Guest Portal ISE server so the session ID does not exist in the session cache.
  So does the  guest portal ISE server have to be the same ISE server that does the RADIUS/MAB session generation?  There is no obvious way to tie a FQDN (e.g. guest.ourdomain.com) to the ISE used by the NAD.
  Should the session ID not be shared across all enforcement nodes?
  Any other ideas or thoughts?
  Chris Davis

  Thanks Jan, do you know if this is by design, even across nodes in node groups?  I'm guessing that Bug CSCul10677 is the same issue.
  Thing is, it rather makes the CWA static IP/Hostname option redundant/useless in a resilient configuration.  It also means that the NAD must use the guest network for dot1x traffic or that the guest nework must be able to route over/into the internal network neither of which appear to be ideal from a security perspective...

• Session expiring

  We are using Oracle 10g r2 and APEX 3.1. We have deployed an application that is having issues with sessions expiring and the user is being required to log back in. We are using the default Application Express Authentication Schemes. We have noticed the expiration occurs when we have a user open seperate browsers and log into the app in each one. There is no period of inactivity so it should not be a timeout of any sort. Anyone have any similar issues? Any ideas at all would be appreciated.
  Thanks
  Jon

  Browser windows must run in separate OS processes in order for one's cookies not to be shared among them. There are ways to do this in IE, not sure of a way to do this in Firefox. BTW, the sessions are not expiring, the cookie value is being supplanted.
  Scott
  Edited by: sspadafo on Dec 16, 2008 1:23 PM

• PROBLEM USING FILTER TO KNOW SESSION EXPIRATION

  Hi, i'm using a filter to know when the session expires but it appeasr not to work, so i am a bit confuse because the filter always executes well but when the session gets the timeout and the user send a request it isnt executed, the server redirects the user to the login page.
  I am not sure about it, but is it possible that the reason of why the filter is not executed, is becuase i am using the apache form-authentication????
  filter's code:
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
  HttpServletRequest req;
  RequestDispatcher disp;
  HttpServletResponse res;
  boolean userInSession;
  String forward = getConfig().getInitParameter("sessionClosed");
  req = (HttpServletRequest) request;
  res = (HttpServletResponse) response;
  System.out.println("InFilter");
  userInSession = req.getUserPrincipal() != null;
  if(userInSession) {
  chain.doFilter(request, response);
  System.out.println("Session: " + req.getSession(false).getId());
  System.out.println("Session: " + req.getSession(false).getMaxInactiveInterval());
  System.out.println("getSessionTime: " + req.getSession(false).getCreationTime());
  } else {
  disp = req.getRequestDispatcher(forward);
  disp.forward(request, response);
       res.sendRedirect("http://www.google.com");
  System.out.println("outFilter");
  tnks
  CERR

  Hi Robert,
  thanks very much for ur pointers on the AuthFilter class.. will try that out.
  Robert Greig <[email protected]> wrote:
  Stephen wrote:
  I am using WLS 6.1 and tried using a custom filter to intercept theauthentication
  request submitted from a FORM BASE jsp (using the j_security_checkform).
  However, no matter what i've tried, it is always the authenticationpart that
  gets executed before the filter.
  Any idea how could I intercept the request before the j_security_checkservlet
  calls the security provider for authentication?There is a (now deprecated) class weblogic.servlet.security.AuthFilter.
  I haven't used it because it is deprecated but I think it does what
  you're after.
  In my apps, I make the FORM auth submit to my own servlet which can then
  do what j_security_check does (most although not all is accessible
  through public APIs).
  Robert

• Checking for session expiration

  We're using JSPs and Servlets in our application. Looking for a way in code to check if the session has expired. We will need to do this from a jsp as well as a servlet (sometimes a jsp is pointed to by a link and sometimes a servlet). Can someone point me in the right direction?
  Thanks all.
  jl

  I like the idea of a session verifier. We have about 25 jsps, 15 servlets, and at least 80 components (beans) in the app. How would the verifier component work? How could we intagrate it with all the other existing components? Ideally it would be integrated with minimal modifications...
  Is the following what you had in mind with your suggestion to check for session data:
  HttpSession session = request.getSession();
  //or could this be used too: HttpSession session = pageContext.getSession();
  String valid = session.getAttribute( KEY );
  if ( null != valid ) {
  //then the session is still active
  jl
  >
  If the session has expired and you current have a new
  session, then use the isNew() method to check the
  session object. Or, you could check the session
  object for the data you are looking for. If it is
  missing, then the session expired and has been newly
  created. You should build into your design a session
  verifier so that you don't expierence NullPointers or
  missing data.

• Tomcat session expires after compiling servlet/ class

  Hi,
  Does anybody know why tomcat(4.1) session expires if you modify a serlvet or class and compile it.
  After compiling I refresh the page and I get session invalidated page. And every time I compile I have to relogin.
  Any ideas ? Is there a work around ?

  In serverl.xml, if you have set the reloadable="true" attribute in your <Context/> tag for your web application then each time one of the servlet classes is modified, tomcat will reload the web application. Set reloadable="false" and this will stop.
  tobes

• External Link or iFrames to show a deployed application inside my portal template

  Greetings,
  after days of posting in WebLogic Portal discussion forums with no reply, im posting the same
  discussion here, hoping someone can help me out with this task.
  Im using JDeveloper 11.1.1.7 and i create a web portal application.
  I have adf application deployed to a standalone weblogic server that works fine.
  In my portal i add a extrernal link, inside default-navigation-model (used from oracle's example)
  to render my application inside the portal's context area. (i try to use iFrames, but it didn't work)
  If i add another web page, it works fine, it shows my portal menu on top where the banner is, the menu,
  and below the website. But when i add a extrernal link to show my application, it shows nothing, just
  blank white background. I also noticed this, it happens if i add google website too.
  Is there any security i have to turn it off in weblogic so it can be rendered on my web portal?

  Have you set FRAME_BUSTINH?
  Check Unable to load content in a frame. Frame content will load at the top level
  Timo

• Unique Session en web application??  How?

  How can i to force in my web application that my clients can only loggon one time at same time?, local vars in the application? if the client shutdown de PC?, i use OID for authentication, any way?
  Any data, url?
  Thanks

  You basically have to keep track of who is logged in yourself. Use an HttpSessionBindingListener to make sure you are notified when a session expires, so you can let the user back in.

• Nested Application Module Performance

  What are the implications of nesting application modules? I am nesting them in such a way that they are defined at design-time and used by calling findApplicationModule(String) on the root ApplicationModule. Could there be any significant overhead accessing one nested app mod in this way as opposed to going to the desired app mod directly? Or is there anything else to watch out for with this type of design? I haven't had any trouble so far but my project is not too large yet.

  For example, I have three ApplicationModule objects.
  RootModule, Module1, and Module2. By nesting Module1
  and Module2 under RootModule, I can use either once I
  have an instance of RootModule by calling
  findApplicationModule(String name). This is useful
  when I want to do things inside both Module1 and
  Module2 and still use the same connection and
  transaction context.
  If I only want something out of Module1 during a
  request, would it be advantageous to ONLY create
  Module1 directly and bypass my RootModule?
  Meaning this:mod1Am =
  Configuration.createRootApplicationModule("Module1","M
  dule1Config");
  mod1Am.myCustomOperation();As opposed to
  this:rootAm =
  Configuration.createRootApplicationModule("RootModule"
  "RootConfig");
  mod1Am = rootAm.findApplicationModule("Module1");
  mod1Am.myCustomOperation();
  Nick:
  There are advantages to creating Module1 directly. It would be that you don't create unnecessary objects (in your case, you would avoid unnecessary creation of Module2").
  However, I would make the following side comment: from your message, it sounds like you would create an AM for every request and remove it at the end. Did you consider using AppModule pool? AM pool would be better than create-remove because AM pool can keep around a number of root AM instances and manage resources for you. This way, you don't have to create any AM for each request. AM pool is also able to support stateful operations with excellent scalability.
  Thanks.
  Sung