Session handelling and routers

Similar Messages

• AFP session closing and logging in every 5 minutes.

  I have a new Macbook Pro and an Airport Extreme Dual Band that I seem to be having an issue with. I look at the logs in Airport Utility to check to make sure things are going well with my routers and I am continuously seeing this:
  Nov 01 05:04:43
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:04:43
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  Nov 01 05:12:29
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:12:29
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  Nov 01 05:14:47
  Severity:7
  Public address reported as 24.22.102.255 to 10.0.1.19:5353
  Nov 01 05:17:43
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:17:43
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  Nov 01 05:22:57
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:22:57
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  Nov 01 05:28:11
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:28:11
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  Nov 01 05:28:25
  Severity:5
  Associated with station 8c:58:77:30:dc:81
  Nov 01 05:28:25
  Severity:5
  Installed unicast CCMP key for supplicant 8c:58:77:30:dc:81
  Nov 01 05:29:48
  Severity:7
  Public address reported as 24.22.102.255 to 10.0.1.19:5353
  Nov 01 05:33:26
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:33:26
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  Nov 01 05:38:40
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:38:40
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  Nov 01 05:43:54
  Severity:5
  AFP session from <Guest>@10.0.1.5 closing.
  Nov 01 05:43:55
  Severity:5
  AFP login OK from <Guest>@10.0.1.5.
  10.0.1.5 is my Macbook Pro's IP address on my network and this log continues showing the session closing and logging in every 5 minutes or so. I don't know why it would be doing this. If I restart the router, all is fine for a day or so but it goes back to doing this again. Any suggestions?

  This issue can be caused by corrupted cookies.
  Clear the cache and the cookies from sites that cause problems.
  "Remove Cookies" from sites causing problems:
  * Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode]]</u> to check if one of the extensions is causing the problem (switch to the DEFAULT theme: Firefox (Tools) > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.com/kb/Safe+Mode

• Session timeout and custom sso

  Hi,
  can anyone tell me how the session and idle timeout feature in Apex exactly works?
  I built several applications in a workspace and do a sso authorization by setting a common cookie name. In addition to that i set the values for session length and idle timeout and assumed that the session length would be synchronized over all applications. But this doesn't seem to work. For instance, i set the idle timeout to 10 minutes in all applications and now i work for 15 minutes continously in application A and after that i switch over to application B (using the same session id!), the session is already expired in B.
  Is this behavior correct? And, if yes, how can i set up a synchronization over all applications?
  Jens

  Anyone?

• What is the difference between Session timeout and Short Session timeout Under Excel Service Application -- session management?

  Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?

  Any call made from the API will automatically be set to the “Session Timeout” period, no matter
  what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
  Short Session Timeout and Session Timeout in Excel Services
  Short Session Timeout and Session Timeout in Excel Services - Part 2
  Sessions and session time-outs in Excel Services
  above links are from old version but still applies to all.
  Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

• How to open a URL without session ID and reuse the current browser session?

  Hi All,
  I have a question about HTMLDB 2.0
  How to open a URL without session ID and reuse the current browser session?
  That was the behaviour in HTMLDB 1.6 ...
  My usecase for this is the following:
  We have written an issue tracking application, which sends e-mail to the interested users, when something happens.
  In these email we've put a link to some page, with some parameters in the URL.
  The idea is for the user to be easy to click on the hyperlink and to see the details of the ticket.
  When the user clicks on such a link he is directed to a login screen (page 101) and he enters his Username and password, and is then forwarded to the details for the ticket.
  Then he receives another email (e.g. for another ticked). He clicks on the link and :
  a) in HTMLDB 1.6 he goes to the details as he didn't close his browser and session is remembered
  b) in HTMLDB 2.0 he is prompted to enter username, password with the username populated
  Please tell me how can I achieve the same behaviour in HTMLDB2.0 as it was in HTMLDB 1.6.
  I understand this change is somehow security related, althogh I don't understand how. If you can explain this either I would be very happy?
  Best regards,
  Mihail Daskalov

  Mihail - I detailed a couple of approaches here: Re: Application Link
  Scott

• Session variable and initialization block issues

  We are using OBIEE 10.1.3.3 and utilizes built in security features. (No LDAP or other single sign on). The user or group names are not stored in any external table. I have a need to supplement Group info of the user to the usage tracking we implemented recently as the NQ_LOGIN_GROUP.RESP column contains username instead of group name. So I created a session variable and associated with a new initialization block and also had a junk default value set to the variable. In the initialization block, I wrote the following query and as a result it inserted correct values into the table when the TEST button was clicked from the initialization block form.
  insert into stra_login_data (username, groupname, login_time) values ('VALUEOF(NQ_SESSION.USER)', 'VALUEOF(NQ_SESSION.GROUP)', SYSDATE)
  My intention is to make this execute whenever any user logs on. The nqserver.log reports the following error and it doesn?t insert values into the table.
  [nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
  [nQSError: 23006] The session variable, NQ_SESSION.USER, has no value definition.
  [nQSError: 13011] Query for Initialization Block 'SET_USER_LOGIN_BLOCK' has failed.
  [nQSError: 23006] The session variable, NQ_SESSION.GROUP, has no value definition.
  When I changed the insert statement as below, this does get populated whenever someone logs in. But I need the values of GROUP associated with the user as defined in the repository.
  insert into stra_login_data (username, groupname, login_time) values ('TEST_USER', TEST_GROUP', SYSDATE)
  Could someone help me out! As I mentioned above, I need the GROUP info into the usage tracking. So, if there is another successful approach, could you please share?
  Thank you
  Amin

  Hi Amin,
  See [this thread|http://forums.oracle.com/forums/thread.jspa?messageID=3376946&#3376946]. You can't use the GROUP session variable in an Init Block unless it has been seeded from an Init Block first. There isn't an easy solution for what you want, but here are some options:
  1) Create a copy of your User => Groups assignments in your RPD in an table so you can use it in your Usage Tracking Subject Area. But this means you will have to replicate the changes in two places so it's not a good solution.
  2) As the GROUP session variable is populated when you login you could theoretically use it a Dashboard and pass it a parameter to write the value to the database. But as I am not sure how can you make fire only once when the user logins it sounds like a bad idea.
  3) Move your User => Groups assignments from your RPD to a DB table. Use OBIEE Write Back or something like Oracle APEX to maintain them.
  I think 3) is the best solution to be honest.

• Session variable and Tracking in Header file

  Is there a way for me to keep track of the session and use a variable in my Header to pass around for this?
  I have a login.jsp, validate_login.jsp and other jsp's that have the same header file. Instead of me using the same code in all of the jsp's I thought it would be easier to put it in the header Please look at the example code below:
  // validate_login.jsp is passed username and password from the login.jsp.
  // validate_login then calls the logIn method in my Session class.
  <%@page contentType="text/html"%>
  <%@page pageEncoding="UTF-8"%>
  <%@page import="uom.edu.rd.session.Session"%>
  <html>
  <head><title>Validate Login</title></head>
  <body>
  <jsp:include page="header.jsp" />
  <%
      String username = request.getParameter("username");
      String password = request.getParameter("password");
      this_session.logIn(username, password);   
      boolean b = this_session.getLoggedIn();
  %>
  ==================================================================
  // The logIn method in Session class
  public void logIn(String userName, String password) {
           Connection con = null;
           Statement stmt = null;
           ResultSet rs = null;
           try{
              con = db.getConnection();
               stmt = con.createStatement();
               String sql = "SELECT * FROM RD_USER WHERE USER_NAME = '" + userName +"' AND USER_PASSWORD = '" + password + "'";
                rs = stmt.executeQuery(sql);
                if(rs.next()){
                     loggedIn=true;
                }else{
                     loggedIn=false;
           catch(Exception e){
                // If something goes wrong, make sure
                // the user is not logged in.
                loggedIn=false;
            }finally{
                try{
                     rs.close();
                     stmt.close();
                     con.close();
            }catch(Exception e){
       * Log the user out.
      public void logOut() {
           loggedIn = false;
       * Get the login status.
       * @return boolean
      public boolean getLoggedIn() {
           return loggedIn;
  ==================================================================
  // and this is part of my header.jsp
  <%@page import="uom.edu.rd.session.Session"%>
  <%
    Session this_session = Session.findSession(request);
    if ( this_session==null ) {
        /* Now, instead of redirecting, create a new Session
         * object and initialize it.
        this_session = new Session();
        this_session.makeSession(request);
        this_session.createQueryBuilder(config);     
  %>
  // This is the part I would like to pass around
  <!-- Session logged_in = new Session(); -->
  <%   
      boolean loggedIn = this_session.getLoggedIn();    
          if (loggedIn == false)
          { %>
              <A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./login.jsp"><FONT COLOR="#FFFFFF">LOG IN</font></a>  <FONT COLOR="#FFFFFF"></font>
      <%  } else { %>
              <A STYLE="color:#FFFFFF;text-decoration:none;" HREF="./logout.jsp"><FONT COLOR="#FFFFFF">LOG OUT</font></a>  <FONT COLOR="#FFFFFF"></font>
       <% }
  %>
  // so if you are logged in  then you are able to view certain things on the jsp's if you are not logged in
  // then of course you cannot. I want to pass around this loggedIn variable to all the jsp's
  // after it checks  loggIn Status for each page I have tried running this but I keep getting an error: cannot resolve symbol this_session

  Use <%@ include file="header.jsp" %> instead

• Email Notifications for Switches and Routers

  Dear All,
  How may I configure switches and routers to send email notifications when link is UP/Down.
  We have Switches - ((C3750-IPBASE-M), Version 12.2(25)SEB4) & Routers - (C2900-UNIVERSALK9-M), Version 15.1(4)M3.
  Thanks in Advance,
  Best Regards,
  Taufeeq.

  You can use EEM scrip to achieve the same. Just check EEM scripting in the community directory for some examples.
  Regards,
  Sathvik 

• Session Login and Logout in jsp page

  hi
  i am developing jsp page
  i completed except logout.jsp page
  my login page is in Jsp format and then business Logic in servlet and then get method & set method in bean.java
  i have login and then it sucess page there i have singout button
  if i sign out it should go to login page
  how to do
  how to make session invalidate
  how to get session id
  i have one more doubt i should check session invalidate each jsp page
  regarding session login and logout in jsp
  if anybody knows please give me a piece of code regarding login and logout
  Regards
  Akshatha

  This is part of your filter class now you need login.jsp page
  <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
  <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
      <link rel="Stylesheet" type="text/css" href="/PAS/css/site.css"/>
      <title>Automation System | Login Page</title>
  </head>
  <body>
  <div align="center">
      <h1>Photint Automation System</h1>
  </div>
  <br/><br/><br/>
  <center>
      <table border="1" cellpadding="0" cellspacing="0" width="40%" bgcolor="FFFFFFFF">
          <thead>
              <tr>
                  <th align="left" height="30"> <h3>    Login</h3></th>
              </tr>
          </thead>
          <tbody>
              <tr>
                  <td>
                      <div align="center">
                          <form name="LOGIN" action="/PAS/LoginServlet" method="POST">
                              <table border="0">
                                  <tbody>
                                      <tr>
                                          <td height="15"></td>
                                          <td height="15"></td>
                                          <td height="15"></td>
                                          <td height="15"></td>
                                      </tr>
                                      <tr>
                                          <td height="30"></td>
                                          <td align="right" height="30">User Name : </td>
                                          <td align="left"  height="30"><input type="text" name="USERNAME" value="" size="35"  /></td>
                                          <td height="30"></td>
                                      </tr>
                                      <tr>
                                          <td height="30"></td>
                                          <td align="right" height="30">Password : </td>
                                          <td align="left"  height="30"><input type="password" name="PASSWORD" value="" size="35"  /></td>
                                          <td height="30"></td>
                                      </tr>
                                      <tr>
                                          <td height="50"></td>
                                          <td height="50"></td>
                                          <td align="center" height="50"><input type="submit" value="Login" name="Login" />  <input type="reset" value="Reset" name="Reset" /></td>
                                          <td height="50"></td>
                                      </tr>
                                  </tbody>
                              </table>
                          </form>
                      </div>
                  </td>
              </tr>
          </tbody>
      </table>
  </center>
  <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
  <br/><br/><br/>
  <center>Copyright &copy; 2009 Photint FZ LLC</center>
  <center>Powered by Ali Jamali</center>
  <center>Version : 1.0</center>
  </body>
  </html>And you need loginServlet.java
  package com.ali.util.filter;
  import com.ali.entity.user.UserEntity;
  import com.ali.util.HibernateUtil;
  import java.io.IOException;
  import javax.servlet.RequestDispatcher;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServlet;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import javax.servlet.http.HttpSession;
  public class LoginServlet extends HttpServlet {
      private static final long serialVersionUID = 1L;
      protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          String username = request.getParameter("USERNAME");
          String password = request.getParameter("PASSWORD");
          if (username == null || username.length() == 0) {
              System.err.println(" Username textfeild is empty ..... !");
              RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
              dispatcher.forward(request, response);
              return;
          if (UserRegistry.isUserLoggedIn(username)) {
              System.out.printf("User [%s] is already logged in. \n", username);
              RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
              dispatcher.forward(request, response);
              return;
          UserEntity user = null;
          try {
              user = (UserEntity) HibernateUtil.load(UserEntity.class, username);
              if (user == null || !user.getPassword().equals(password)) {
                  RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
                  dispatcher.forward(request, response);
                  System.err.println(" Password or username is not valid ..... !");
                  return;
          } catch (Exception e) {
              e.printStackTrace();
              RequestDispatcher dispatcher = request.getRequestDispatcher("Pages/user/LogIn.jsp");
              dispatcher.forward(request, response);
              return;
          HttpSession session = request.getSession();
          System.err.println(request.getRemoteAddr());
          session.setAttribute("username", user.getFirstName());
          session.setAttribute("userType", user.isAdmin());
          UserRegistry.logInUser(username);
          response.sendRedirect("/PAS/index.jsp");
  }finally is you need to just one user can be online at time or need to know how many user & who is online you should at this class also
  package com.ali.util.filter;
  import java.util.ArrayList;
  import java.util.List;
  public class UserRegistry {
      private static final List loggedInUsers = new ArrayList();
      public static void logInUser(String username) {
          loggedInUsers.add(username);
      public static void logoutUser(String username) {
          if (isUserLoggedIn(username)) {
              loggedInUsers.remove(username);
      public static boolean isUserLoggedIn(String username) {
          return loggedInUsers.contains(username);
  }If you have any more Q. or any comment , Most welcome
  Thanks
  Ali Jamali

• Session pooling and statement handles

  Hi there,
  I have a large multi-threaded application (perhaps >100 threads). Each thread is continuously processing events (very high volumes) which involves some manipulation and some database operations (from a fixed set of possible operations).
  I am using session pooling but what I want to know is, Should I:
  (a) Prepare my fixed set of statement handles up front at program start-up when I'm creating the session pool and then reuse the statement handles in each event processing thread (also, is this thread safe ? even if it is, all threads would be contending on the same statement handles)
  or
  (b) Prepare the statement handle for each event which presumably will exploit the statement cache on the session pool. This would also mean not having statement handles shared between threads thus removing any thread contention issues.
  I think (b) is the option for me, but does anyone have any thoughts ?

  With a), one would think it's OK, but I would hate to find out that it's not thread safe by accident.
  But anyway, with b) the cost of allocating private statement handles in each thread seems very low. The memory required for the statement handle plus its bind and define handles could very well be below 8k per statement. If you've got say, 5 statements * 100 threads, you're only looking at around 4MB overall.
  Finally, you might want to make sure that the session pool statement cache is working by checking the values for 'executions' and 'parse_calls' in V$SQL for your statements.

• Session migration and replication

  Hi All,
  I am having a hard time in configuring my application for HTTP session migration. Our weblogic server consists of two managed servers running in same cluster. Each server has an Ehcache that stores some information of user with key as session ID and value as info object. In case, if a server needs restart, we would want to take this updated info Object from cache residing on server being restarted to another managed server within the same cluster.
  I browsed through many documentations online. Most of them explained about session replication but not migration. so I followed replication (I don't want a real time sync up of HTTP session. I want it to migrate if something goes wrong with one of the managed server).
  However, I could not achieve this task after following the steps to configure this feature. I would appreciate a lot if someone can help me figuring out the issue here.
  Here is what I did.
  1) Weblogic.xml
       <session-descriptor>
  <persistent-store-type>replicated_if_clustered</persistent-store-type>
  </session-descriptor>
  2) An implementation class of HttpSessionActivationListener, HttpSessionListener, HttSessionAttributeListener:
  public void sessionDidActivate(HttpSessionEvent sessionEvent) {
  // NEVER GETS CALLED
  over here i would check if session has any attribute with name 'CACHE_ELEMENT'. If yes, then it is a migration case for current managed server
            Log.info(UserCacheMigrationListener.class, "inside sessionDidActivate");//
  public void sessionWillPassivate(HttpSessionEvent sessionEvent) {
  // NEVER GETS CALLED
  Over here I would set attribute 'CACHE_ELEMENT' so that it is available for target managed server when it's sessionDidActivate is called
            Log.info(UserCacheMigrationListener.class, "inside sessionWillPassivate");
  public void sessionCreated(HttpSessionEvent sessionEvent) {
  THIS GETS CALLED! and I set the following attribute
  sessionEvent.getHttpSession().setAttribute(UserCacheMigrationListener.class.getName(), this);
  public void sessionDestroyed(HttpSessionEvent arg0) {
  THIS GETS CALLED!
  public void valueBound(HttpSessionBindingEvent arg0) {
  THIS GETS CALLED! WHICH MEANS THAT I WAS ABLE TO setAttribute this class's instance in sessionCreatedMethod
  In the above code, the setAttribute method used inside the sessionCreated(..) method successfully sets the attribute to this session. This is apparent because valueBound(..) method is called when session is created. But why does it not call the sessionWillActivate method???
  3.) An entry in web.xml for this listener.
       <listener>
            <listener-class>com.xyz.UserCacheMigrationListener</listener-class>
       </listener>
  4) from weblogic config.xml. I am copying all meaning stuffs from config.xml to describe as much as I can.
  <server>
  <name>AdminServer</name>
  <ssl>
  <enabled>false</enabled>
  </ssl>
  <listen-address>localhost</listen-address>
  <network-access-point>
  <name>AdminChannel</name>
  <protocol>t3</protocol>
  <listen-address>localhost</listen-address>
  <http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
  <tunneling-enabled>false</tunneling-enabled>
  <outbound-enabled>false</outbound-enabled>
  <enabled>true</enabled>
  <two-way-ssl-enabled>false</two-way-ssl-enabled>
  <client-certificate-enforced>false</client-certificate-enforced>
  </network-access-point>
  <data-source>
  <rmi-jdbc-security xsi:nil="true"></rmi-jdbc-security>
  </data-source>
  </server>
  <server>
  <name>Node1</name>
  <ssl>
  <enabled>false</enabled>
  </ssl>
  <machine>DevMachine</machine>
  <listen-port>7002</listen-port>
  <cluster>DevCluster</cluster>
  <replication-group>devGroup1</replication-group>
  <preferred-secondary-group>devGroup2</preferred-secondary-group>
  <web-server>
  <keep-alive-secs>500</keep-alive-secs>
  <post-timeout-secs>120</post-timeout-secs>
  </web-server>
  <listen-address>localhost</listen-address>
  <jta-migratable-target>
  <user-preferred-server>Node1</user-preferred-server>
  <cluster>DevCluster</cluster>
  </jta-migratable-target>
  <data-source>
  <rmi-jdbc-security xsi:nil="true"></rmi-jdbc-security>
  </data-source>
  </server>
  <server>
  <name>Node2</name>
  <ssl>
  <enabled>false</enabled>
  </ssl>
  <machine>DevMachine</machine>
  <listen-port>7003</listen-port>
  <cluster>DevCluster</cluster>
  <replication-group>devGroup2</replication-group>
  <preferred-secondary-group>devGroup1</preferred-secondary-group>
  <listen-address>localhost</listen-address>
  <network-access-point>
  <name>Node2Channel</name>
  <protocol>t3</protocol>
  <listen-address>localhost</listen-address>
  <http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
  <tunneling-enabled>true</tunneling-enabled>
  <outbound-enabled>false</outbound-enabled>
  <enabled>true</enabled>
  <two-way-ssl-enabled>false</two-way-ssl-enabled>
  <client-certificate-enforced>false</client-certificate-enforced>
  </network-access-point>
  <jta-migratable-target>
  <user-preferred-server>Node2</user-preferred-server>
  <cluster>DevCluster</cluster>
  </jta-migratable-target>
  <data-source>
  <rmi-jdbc-security xsi:nil="true"></rmi-jdbc-security>
  </data-source>
  </server>
  <cluster>
  <name>DevCluster</name>
  <cluster-messaging-mode>unicast</cluster-messaging-mode>
  </cluster>
  <machine>
  <name>DevMachine</name>
  <node-manager>
  <nm-type>Plain</nm-type>
  </node-manager>
  </machine>
  <migratable-target>
  <name>Node1 (migratable)</name>
  <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
  <user-preferred-server>Node1</user-preferred-server>
  <cluster>DevCluster</cluster>
  </migratable-target>
  <migratable-target>
  <name>Node2 (migratable)</name>
  <notes>This is a system generated default migratable target for a server. Do not delete manually.</notes>
  <user-preferred-server>Node2</user-preferred-server>
  <cluster>DevCluster</cluster>
  </migratable-target>
  ------------------------------------------------------------------------------------------------------------------

  Hi,
  So you want to migrate your server to server.
  Here are the following links which help you.
  http://docs.oracle.com/cd/E15051_01/wls/docs103/cluster/migration.html
  http://www.oracle.com/technetwork/middleware/weblogic/messaging/wlasm-1853193.pdf
  let me know the status if you need any further help on this issue.
  Regards,
  Kal

• Session: Waiting and Working Chart

  I am using OEM 10g (Grid control) to monitor my database.
  But I don know what does the Y axis on the chart (Session: Waiting and Working) mean ?
  Thanks for your help.
  Note: Click Home page -> Database -> Performance -> Sessions: Waiting and Working.

  2 store the user name in the session to display as a welcome message to the user when they are logged in.]
  in class where you match the username and password .if given user is exist in records then set it into session
  HttpSession session =request.getSession();
  session.setAttribute("",);
  3 tell the user they dont exist in the database or that there password is wrong and give them the option to either A) reset the password or B) create a user
  in same class if user does not exist the redirect the request to different pages in that pages you put these two like A) reset the password or B) create a user

• Session timeout and Custon login module

  Hi,
  Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
  I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
  If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
  How can I make the system not attempt to login the anonymous user and have the filter code run?
  TIA, Dave
  package isdbs.view.security;
  import java.io.IOException;
  import javax.servlet.Filter;
  import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.ServletException;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  public class ApplicationSessionExpiryFilter implements Filter {
      private FilterConfig _filterConfig = null;
      public void init(FilterConfig filterConfig) throws ServletException {
          _filterConfig = filterConfig;
      public void destroy() {
          _filterConfig = null;
      public void doFilter(ServletRequest request, ServletResponse response,
                           FilterChain chain) throws IOException, ServletException {
          String requestedSession =   ((HttpServletRequest)request).getRequestedSessionId();
          String currentWebSession =  ((HttpServletRequest)request).getSession().getId();
          boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
          // if the requested session is null then this is the first application
          // request and "false" is acceptable
          if (!sessionOk && requestedSession != null){
              // the session has expired or renewed. Redirect request
              ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
          else{
              chain.doFilter(request, response);
  }Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
  WARNING: Login Failure: all modules ignored
  javax.security.auth.login.LoginException: Login Failure: all modules ignored
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
       at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
       at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
       at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
       at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
       at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
       at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
       at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
       at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
       at java.lang.Thread.run(Thread.java:595)
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
  FINE: JAAS-OC4J: Authentication failure for user: null
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous

  I added an HttpSessionListener upon login here's what I get:
  09/03/31 08:21:25 Inside sessionCreated
  09/03/31 08:21:25 Before New session createb = 0
  09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:21:25 After New session count = 1
  At session timeout here's what I get:
  09/03/31 08:23:27 Count before destroyed = 1
  09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 Count after destroyed = 0
  09/03/31 08:23:27 Inside sessionCreated
  09/03/31 08:23:27 Before New session createb = 0
  09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 After New session count = 1
  Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
  Thanks,
  Dave

• Session state and browser cache - Back button problem

  Hi all,
  I have a problem (and unless I'm missing something I think we all do) with session state and use of the browser's Back button. I really hope I'm just being dumb...
  Background scenario:
  Page P has a sidebar list allowing the user to select what content is displayed (e.g. 'stuff relating to X, Y or Z' where X, Y and Z are rows in, say, a table of projects). When a list entry is clicked, we branch to page P with the value of the list item placed in an application-level item (call it G_PROJECT). Reports on page P use G_PROJECT in their WHERE clauses.
  So, click list entry X and G_PROJECT is set to X and page P shows reports for project X.
  Page P also has a set of buttons which branch to various edit pages which allow attributes of page P's current project to be updated. These pages similarly use G_PROJECT in their WHERE clauses.
  Problem scenario:
  1. The user goes to page P and picks project X off the list. Project X's stuff is displayed (G_PROJECT = X).
  2. The user then picks project Y off the list. Project Y's stuff is displayed (G_PROJECT = Y).
  3. The user then clicks the browser's Back button. The page is served from browser cache, so project X's stuff is displayed, but G_PROJECT still = Y.
  4. The user clicks an 'Edit' button; we submit, and branch to an edit page which displays (and will edit) data for project Y because G_PROJECT still = Y.
  This is SERIOUSLY BAD NEWS - apart from being confusing, the user's edit permissions on projects X and Y may differ, and so the user may be able to perform 'illegal' updates.
  I've read what I can on this forum and the rest of the web looking for ways to a) inhibit browsers' 'Back' functions and/or b) prevent pages being cached by the browser, but none of them have worked for me.
  Short of waiting for browser manufacturers to recognise that the web is now full of applications as well as static pages, and enable robust programmatic control of cache behaviour, does anybody know how the problem can be avoided - or at least detected?
  Thanks,
  jd
  Failed attempts to date:
  <meta http-equiv="cache-control" content="no-cache">
  <meta http-equiv="cache-control" content="no-store">
  <meta http-equiv="cache-control" content="private">
  <meta http-equiv="cache-control" content="max-age=0, must-revalidate">
  <meta http-equiv="expires" content="Wed, 09 Aug 2000 01:01:01 GMT">
  <meta http-equiv="pragma" content="no-cache">
  Disallowing duplicate submission (page attribute).
  window.history.go(1);

  Thanks Scott,
  I may be being dumb here but I don't see how that would help...
  P250_PROJECT and G_PROJECT are currently kept in sync by app logic. Whichever is used to drive, if the page is rendered from cache then the app logic is not executed, so the rendered page contents are not those keyed by P250_PROJECT, as illustrated in steps 1-4 of the problem above.
  The user sees X, the session items say Y. The engine doesn't know what the user is seeing.
  when page P is POSTed, its hidden item P250_PROJECT should always be used to derive the application item G_PROJECT. Then whether the page was pulled from cache or rendered anew via a click from the sidebar link, the project ID is determined by the contents of that page.
  As I said above I tried this, with the 'Edit' branch set to:
  Set these items: G_PROJECT
  With these values: &P250_PROJECT.
  but it makes no difference. The project ID is not determined by the rendered page contents - the engine gets the value of P250_PROJECT from session state.
  I can code the 'Edit' pages such that they check permissions and if necessary redirect back to p250 (conditional before-header branch), but that's a clunky cure rather than the prevention I was hoping for.
  Please tell me if my understanding is incorrect.
  jd

• Session Timeout and Dynamic Actions

  Did anybody ever use the Session Timeout feature in APEX successfully?
  I have set an idle session timeout and provided an url to redirect to once the session is expired: Home > Application Builder > Application nnn > Shared Components > Edit Security Attributes > Session Timeout
  It works so far during the page rendering and page processing phase. But I have major problems with dynamic actions and custom ajax requests.
  Dynamic actions will just hang and simply don't return. Even worse, when I execute the dynamic action once the session is expired, the session seems to be physically deleted and thus the next click on a tab will not redirect to the expiration page but go straight to the login page.
  Did anybody make it work or is the best way to implement a custom session timeout?
  Thanks,
  Dietmar.

  Hi All,
  Check out the Session Timeout plug-in available here:
  http://skillbuilders.com/plugins
  Let me know if that helps.
  Regards,
  Dan
  blog: http://DanielMcghan.us/
  work: http://SkillBuilders.com/APEX/