Session expiry on 2 applications

Hello
I have 2 applications running on weblogic 7.0 on two managed servers ,
When I try to access the applications from 2 browser sessions I am getting an
issue where the user session is lost from the other application,
If I open the second window using File->New->Window from IE I have this issue.
If open 2 browser windows by opening 2 IE sessions from the tool bar it works
fine.
Why I am loosing the session in the first case, it is totally different applications
running on different managed servers.
ANy help is appreciated
Thanks
DN

Please review the following note, it describes the new session timeout functionality given in Oracle Applications 11i by FND patchset D (1932070) and higher.
Note: 171261.1 - Description of the New Session Timeout Functionality in Apps 11i FND Patchset D or Higher
https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=171261.1

Similar Messages

  • Verify session expiry using BO api

    Hi,
    I have an application connecting to BO server for getting reports. I create a BO session using BO api and successfully getting the reports by suppressing the login page. But now i need to verify the BO session expiry.
    Could any one tell me which BO api should i use to verify this.
    Any help would be highly appreciated

    Hi Ted,
    Thanks for your valuable suggestion, but I am still not able to verify whether the session is expired or not. I have changed all the session time out tag in web.xml of these deployed application on tomcat of BO
    1. businessobjects
    2. adminlaunch
    3. desktoplaunch
    and also on Central Management Server >Servers>Web_IntelligenceReportServer -->Connection Time Out parameter. I have set it to 1 min.
    when I logged into the InfoView, its session time out happens after 1 min. So by these changes I am sure that session is expired after 1 min, but when I do it using a custom application it doesn't tell me whether the session is expired or not.
    Here is my code :
            HttpSession session = request.getSession();
            String logonToken = (String)session.getAttribute("BOSessionToken");
            IEnterpriseSession enterpriseSession =(IEnterpriseSession) session.getAttribute("EnterpriseSession") ;
            try
                 //First time login
                 if(enterpriseSession == null){
                      ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
                      enterpriseSession = sessionMgr.logon(UserName, Password, sCMS, "secEnterprise");
                      logonToken = enterpriseSession.getLogonTokenMgr().createLogonToken("", 60, 100);
                      logger.debug("Retrived Token for reports is --> " + logonToken);
                      // Store the IEnterpriseSession object in the session.
                      session.setAttribute("EnterpriseSession", enterpriseSession);
                      session.setAttribute("BOSessionToken", logonToken);
                 else{
                           // Check where EnterpriseSession is expired or not
                           IInfoStore iStore = (IInfoStore) enterpriseSession.getService("InfoStore");
                           if(iStore == null)//This may fail if the IEnterpriseSession is expired
                                ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
                                enterpriseSession = sessionMgr.logon(UserName, Password, sCMS, "secEnterprise");
                               logonToken = enterpriseSession.getLogonTokenMgr().createLogonToken("", 60, 100);
                               logger.debug("BO token is expired, creating new token --> " + logonToken);
                               // Store the IEnterpriseSession object in the session.
                               session.setAttribute("EnterpriseSession", enterpriseSession);
                               session.setAttribute("BOSessionToken", logonToken);
                           else{     
                                logonToken = (String)session.getAttribute("BOSessionToken");
                                logger.debug("Using the older Token for reports --> " + logonToken);
    The condition if(iStore == null)  is not going to be valid not even a single time even if the session is timed out.
    With Regards,
    Anosh

  • Page Not displayed error upon Session Expiry in Solari Environment

    Hi All,
    I have a web application deployed in Solaris environment.
    Session expiry is handled from the application.
    I have this code for session expiry in my filter class:
    ((HttpServletResponse) _response).sendRedirect("/myapp/view/sessionExpired.jsp");
    When this code is executed Im getting "Page Cannot be Displayed " error is thrown.
    The same scenario works fine windows environment.
    Im facing this issue when it is on Solaris environment.
    Thanks in Advance.
    Cheers,
    Shorath

    I am using basic in my local environment. When we deploy to DEV/QA/PROD server, it will be SSO enabled. The requirement is, when user clicks on Ok button on session expired popup, it should just stay(refresh) on the same page with the pretty URL. Currently it refreshes the page with full URL.
    URL in Browser before session expiry: http://localhost:7101/MyApp/faces/page1
    URL in Browser after session expiry(click ok on popup, refreshes the same page): http://localhost:7101/MyApp/faces/oracle/webcenter/portalapp/pages/page1.jspx

  • Problem in implements ADF Faces: Detecting and handling user session expiry

    Hello everybody
    I´m trying to implement a method to handle user session expiry as explained by frank nimphius in his blog.
    http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
    I have implemented the class bellow and add the filters in web.xml. However when I add the JavaServer Faces Servlet to sign the filter, my hole application get nuts. I try to publish the applicatoin in the OAS and it seems that it already starts expired.
    Someone konw what I´m doing wrong?
    I use the filter
    <filter>
    <filter-name>ApplicationSessionExpiryFilter</filter-name>
    <filter-class>adf.sample.ApplicationSessionExpiryFilter</filter-class>
    <init-param>
    <param-name>SessionTimeoutRedirect</param-name>
    <param-value>SessionExpired.jspx</param-value>
    </init-param>
    </filter>
    then I add
    XML:
    <filter-mapping>
    <filter-name>ApplicationSessionExpiryFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    package adf.sample;
    import java.io.IOException;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    this is the class
    public class ApplicationSessionExpiryFilter implements Filter {
    private FilterConfig _filterConfig = null;
    public void init(FilterConfig filterConfig) throws ServletException {
    _filterConfig = filterConfig;
    public void destroy() {
    _filterConfig = null;
    public void doFilter(ServletRequest request, ServletResponse response,
    FilterChain chain) throws IOException, ServletException {
    String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
    String currentWebSession = ((HttpServletRequest)request).getSession().getId();
    boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
    // if the requested session is null then this is the first application
    // request and "false" is acceptable
    if (!sessionOk && requestedSession != null){
    // the session has expired or renewed. Redirect request
    ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
    else{
    chain.doFilter(request, response);
    I'm really having trouble controlling user sessions. if someone know where I can get materials to learn how to implements session in Jdev ADF + BC, I´m very grateful.
    Thank you Marnie

    The class works fine.. the issue is when I add the this code into web.xml
    <filter-mapping>
    <filter-name>ApplicationSessionExpiryFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    bellow the web.xml
    <?xml version = '1.0' encoding = 'windows-1252'?>
    <web-app>
    <description>Empty web.xml file for Web Application</description>
    <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>client</param-value>
    </context-param>
    <context-param>
    <param-name>CpxFileName</param-name>
    <param-value>userinterface.DataBindings</param-value>
    </context-param>
    <filter>
    <filter-name>ApplicationSessionExpiryFilter</filter-name>
    <filter-class>view.managedBean.ApplicationSessionExpiryFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfFaces</filter-name>
    <filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
    </filter>
    <filter>
    <filter-name>adfBindings</filter-name>
    <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>ApplicationSessionExpiryFilter</filter-name> ==> the problem occurs when I try to add this code
    <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfFaces</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
    <filter-mapping>
    <filter-name>adfBindings</filter-name>
    <url-pattern>*.jspx</url-pattern>
    </filter-mapping>
    <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet>
    <servlet-name>resources</servlet-name>
    <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
    <servlet-name>resources</servlet-name>
    <url-pattern>/adf/*</url-pattern>
    </servlet-mapping>
    <session-config>
    <session-timeout>1</session-timeout>
    </session-config>
    <mime-mapping>
    <extension>html</extension>
    <mime-type>text/html</mime-type>
    </mime-mapping>
    <mime-mapping>
    <extension>txt</extension>
    <mime-type>text/pain</mime-type>
    </mime-mapping>
    </web-app>
    By the way, how can I post code on the forum properly?

  • Handling user session expiry

    I am trying to implements Frank's way of detecting session expiry.(http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)
    It looks so simple and works perfectly well on test application in OC4J servers...
    But it doesnt work on my JBoss.
    Basicaly you take requestSession and currentWebSession in filter and compare them like this:
    String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
    String currentWebSession = ((HttpServletRequest)request).getSession().getId();
    If session id's are not equal, then it is expired session...But on my JBoss I always get equal session ids and never get requestedSession null (you should get null on initial session)!!! I am realy stuck with this
    I try checking if requested session is valid with isRequestedSessionIdValid() and I always get valid on my JBoss... on OC4J it works properly as well...
    Maybe this has something to do with my secure connection on JBoss?
    Can someone please give me something to hold to!?

    I am trying to implements Frank's way of detecting session expiry.(http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)
    It looks so simple and works perfectly well on test application in OC4J servers...
    But it doesnt work on my JBoss.
    Basicaly you take requestSession and currentWebSession in filter and compare them like this:
    String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
    String currentWebSession = ((HttpServletRequest)request).getSession().getId();
    If session id's are not equal, then it is expired session...But on my JBoss I always get equal session ids and never get requestedSession null (you should get null on initial session)!!! I am realy stuck with this
    I try checking if requested session is valid with isRequestedSessionIdValid() and I always get valid on my JBoss... on OC4J it works properly as well...
    Maybe this has something to do with my secure connection on JBoss?
    Can someone please give me something to hold to!?

  • Detecting user session expiry in secure connection

    I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)-
    basicaly we call session expired when requested session is not equal to current web session:
    String requestedSession =
    ((HttpServletRequest)request).getRequestedSessionId();
    String currentWebSession =
    ((HttpServletRequest)request).getSession().getId();
    boolean sessionOk =
    currentWebSession.equalsIgnoreCase(requestedSession);
    It works perfectly well when I am launching application in OC4J, but it doesnt if I use JBoss with secure connection and session id in cookie- requestedSession and requestedSession is always the same
    Is there a way to detect session expiry using secure connection?

    Thank You for the answer Frank.
    unfortunately I cannot see full view of how this proposal differ from what I am doing..
    Can You please be more specific...
    As I understand, I am doing exactly the same with:
    String requestedSession =
    ((HttpServletRequest)request).getRequestedSessionId();
    String currentWebSession =
    ((HttpServletRequest)request).getSession().getId();
    or you mean to save currentWebSession somewhere else?

  • Detecting and handling user session expiry

    I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)-
    basicaly we call session expired when requested session is not equal to current web session. If requested session is null then we say its innitial request.
    But there is situation when this doesn't work properly:
    We are closing our application, but we dont close the browser. Then if we try to open our application again (initial request) our code detects session expiry error, becouse requested session is not null...
    Is there I way to make it work properly?

    I have implemented Frank's method of detecting expired session (http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/)-
    basicaly we call session expired when requested session is not equal to current web session. If requested session is null then we say its innitial request.
    But there is situation when this doesn't work properly:
    We are closing our application, but we dont close the browser. Then if we try to open our application again (initial request) our code detects session expiry error, becouse requested session is not null...
    Is there I way to make it work properly?

  • Session expiry method

    Ive read the Servlet 2.3 spec and can see no mention of the following - what should a web container do to the session object when the session has expired?
    When a client accesses an expired session ,should they be given a null reference, or should the server have called invalidate() on the session, maintaining the object reference, but unbinding all objects on it?
    The reason I ask is that I have been given some small web apps to migrate from one j2ee server to another (from Websphere to Weblogic), and as an in between step, Ive got them running on Tomcat 4 on my local machine. I have noticed that the session expiry page of the application is triggered by the session being null, which works on Websphere, but on Weblogic, the session object is not null when it expires, just invalidated, therefore the application does not work as well.

    When session expires, container unbounds all attributes, then calls invalidate() method. ( here HttpSessionListener works for listening to session invalidation or expiration )
    You can check session is valid by :
      if ( session.isNew() ) {
        // Session is valid
      }OR
      if ( request.isSessionIdValid() ) {
        // Session is valid
      }get it ?
    Behrad

  • Sso session timeout per partner application

    Hello,
    I was just wondering if it is possible to configure SSO session timeouts per partner application? I'm looking to log out users of a particular application after 15 minutes, but don't want this change to affect any of my other SSO enabled applications. Is this possible?
    Thanks,

    Hi,
    I do not think so, you can not specify specail parameter for one application in SSO.
    Why because SSO is one component (within your Infra) through which you logon different apps.
    Another solution may be it will expensive is that you 'll need to use different infra for this specific application.
    Regards,
    Hamdy

  • Redirecting user to login page after session expiry

    Hi,
    Default session expiry implementation in sap EP6.0 doesn't work properly. To overcome this, we have implemented one component where we check the idle time and throw the user back to the login page if the idle time has exceeded the session expiry period. This component has been added to desktop inner page as an iView. Following is the logic put in this component.
    IAuthentication ia = UMFactory.getAuthenticator();
    ia.logout(httpRequest, httpResponse);
    httpResponse.sendRedirect("/irj/portal");
    We are successfully getting the login page after session expiry. Issue is, our portal server is running on 11111 port. We cannot change this to 80 on unix because of unix limitations for the port number. So we have put one apache web server before our portal server. Apache web server is listening on port 80 and forwarding the request to our portal server.
    Now when user is redirected to the login page, url being shown in the browser is http://<host_name>:11111/irj/portal but I am expecting http://<host_name>/irj/portal (without port). I have tried putting the full url in sendRedirect() method but that too doesn't work.
    Any help is highly appreciated.
    Regards,
    Chandra

    Hi Chandra,
    Let the URL be relative in the sendRedirect i.e.
    httpResponse.sendRedirect("/irj/portal");
    However since you have a Reverse proxy in front, the response header for redirect will not contain the address of the reverse proxy in this case, your servername without port. You have to properly configure your reverse proxy so that the HTTP Headers are changed properly before sending the response to the users.
    Check this URL,
    http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#proxypassreverse
    This gives you the details on configuring your apache.
    Hope this helps.
    Ankur
    P.S. If this helps please reward points.

  • How to track session in Webdynpro Java application

    Hi All,
    How to get the session reference of any Webdynpro Java Application . My purpose is that thr is one WD application is getting launched , now if suppose user didn't perform any action on it and session for that application got expired . After the session got expired i have to update the table with the status . So to track that i need the session reference of WD application which i m looking for .
    How could i get the same . Kindly help me on this .
    Thanks & Regards,
    Mitul.

    Hi ,
    HttpSession session = request.getSession(false); //get the current session, if there is no session yet, return null
    if (session == null) //forward to first page
    else //do normal work
    Then u can update ur session right ,
    Regards ,
    Venkat

  • Unable to fetch session variables in my application page code behind

    hi,
    my env:  1  WFE  server which hosts the  central admin and my web appln,  1 sql server box  
    i am having a custom web part[ listviewbyquery web part]  which populates the site collection/ sub site's document library contents . also it reads some query string values and pushes these  values into  session variables.
    and i am having another application page in this application which reads this session variables and  perform some operation in a custom sql db. But i am unable to read these session variables on page load of this  application page.
    am unable to debug also. so, would like to know is there any way i can see, what values  are getting passed to this page and verify the session variables are accessed correctly.
    or
    is this  by design, that its not possible to read session variables in the application page ?
    if i am not having a visual studio env. to debug, how to test these  session variable  existence / to find the root cause of this issue.
    note: already configured session state in IIS , http  modules section. am using Page.Session["myvariable1"].tostring() to fetch the  session variables.
    help is appreciated!

    i have found out myself. i have put  page.response.write(mysessionvariables) in the code and deployed and tested in my env. and i was able to find out the reason and i have fixed it with proper validation check.

  • Clear session state for related application/page

    I have an application item I want to clear and I am not sure what is
    the correct session state process type to select
    I am reading about the different state process but I am not sure.
    I thought it was
    Clear Cache for Items (ITEM,ITEM,ITEM) but this item has to be on a page.
    What would be the appropriate one to select to clear an application item
    Clear Cache For Applications (removes all session state for listed applications)
    Clear Cache For Current Application (removes all session state for current application)
    Clear Cache For Current Session (removes all state for current session)
    Clear Cache for Items (ITEM,ITEM,ITEM)
    Clear Cache for all Items on Pages (PageID,PageID,PageID)
    Reset Preferences (remove all preferences for current user)
    Set Preference to value of Item (PreferenceName:ITEM)
    Set Preference to value of Item if item is not null (PreferenceName:ITEM)
    Howard

    How do I name the application item.. I tried the following.
    itemName
    :itemName
    application:itemName
    and neither of these 2 work. Did I miss anything.
    Howard
    Edited by: csphard on Oct 29, 2009 10:11 AM
    Edited by: csphard on Oct 29, 2009 10:13 AM

  • Mod-osso agents session expiry - Query

    Hi,
    My setup details:
    1) I have a OHS server configured with mod-osso agent.
    2) There is a OAM server which has the profile created for this mod-osso agent.In the OAMConsole I set the 'SESSION LIFETIME'(under common settings) to 2min.
    3) When I try to access the protected resource (protected by OSSO agent) it seems to take about 4 mins or so to expire a session.
    As per few documents, "this behavior is seen only for mod-osso agents and that is due to the presence of the OHS cookie.This is by design of mod-osso agents meant to reduce server round-trips."
    I tried to search a lot about the exact working of the OHS-cookie in this regard and how does it count to increase in the session expiry time.
    It will be very helpful ,if I get any details/pointers on this topic.
    Thanks!

    Create a new osso.conf via rreg or OAM console after the WLST command to enable GITO has been executed. The osso.conf file contains entries for the cookie name and the idle time. The osso.conf is encrypted for security reasons.

  • How to configure security policies like account locking, account expiry in portal application?

    Hi All,
    Can anybody pls tell me how to configure security policies like account locking,
    account expiry in portal application? By default, it has a 30 minutes lock period
    after 5 retries. But if I want to set other values or want to unlock account of
    a user, then what to do ?
    TIA,
    Sudarson

    I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
    The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
    on a URL that looks like this :
    http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
    and gives the error :
    ( Forbidden
    You don't have permisission to access /sso/auth on this server at port 7777)
    when I manually change the URL to :
    https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
    the SSO works correctly.
    The question is :
    How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
    Any ideas ?
    Thanks in advance

Maybe you are looking for