Session Persistance Question

I was reading in the WebLogic 5.1 docs that you can configure the max.
          number of http sessions that can exist in a weblogic server instance. I
          believe the default is 1024. The docs say that on the 1025th user,
          weblogic will persist the LRU session to the persistence store. I'm
          confused as to how that works. Do I need to configure my session
          persistence for file or JDBC to make this work? Or does weblogic just
          write to a file on disk? I thought that if you configured for file or
          session persistence that every update for your session will be written
          to the file or database store. I was assuming that this would only
          occur the overhead of writing to file or database when the cache
          overflows. What am I missing here? Also, could you use this with
          in-memory replication across a cluster?

Similar Messages

Servlet session persistance within iAS 6.0 SP3

Hi,
Is it possible to provide failover for servlets, keeping session
persistance, between 2 iAS in a cluster?
What I trying to do is to use the iAS to provide me redundancy for an
application that is 100% based on Servlets and JSP (no EJBs). Is this
possible?
Marcelo Manta
Barcelona Technology Center
[email protected]
phone: +34 67 699-5921 (ESN 746)

Hi Manta,
Yes, it is very well possible with iAS.
If your application is already deployed than to make that distributed so
that both the iAS(Primary and Backup) will store the sesson information,
you need to change few entries of your application in the registry of
both iAS, these are -
- run kregedit
- go to iplanet/Application Server/6.0/J2EE-Module/<App_name> node
than
- insert your domain name value in session-domain key.
- modify the session-impl key value to distributed.
- insert the session-path key value as / (slash)
- ensure that the key session-dsync-type is dsync-distributed
at the end, your key values should look like this -
- session-domain=your.domain.name
- session-dsync-type=dsync-distributed
- session-impl=distributed
- session-path=/
Note: you should make these changes in the registry of all the iAS
servers that are participating in your cluster, or you can redeloy the
Application on all the servers, with appripriate deployment descriptor.
Than restart the two web servers(iws) and the two iAS servers in the
cluster.
Note: start the highest priority server(Primary) first.
The clustering and the distributed session failover can be better seen
through the clustering-examples/samples provided with iAS, like
clustering-servlet and clustering-jsp.
Please see the page:
http://<hostname.domainname>:<http-port>/ias-samples
for all the sample applications that comes with iAS and
http://<hostname.domainname>:<http-port>/ias-samples/cluster/docs/index.html
for cluster related sample application.
Please feel free to mail me if you have any further queries.
Sanjeev,
Developer Support Group iAS
"Manta, Marcelo [BLMES:0B70:EXCH]" wrote:
Hi,
Is it possible to provide failover for servlets, keeping session
persistance, between 2 iAS in a cluster?
What I trying to do is to use the iAS to provide me redundancy for an
application that is 100% based on Servlets and JSP (no EJBs). Is this
possible?
Marcelo Manta
Barcelona Technology Center
[email protected]
phone: +34 67 699-5921 (ESN 746)

Applet persistance question (basic?)

All:
Forgive the ignorance, but I am not a Java programmer at all... but am looking for some info.
What is the scope of a (untrusted) java applet in regards to IE browser sessions? For instance, if a web page initiates an applet load, does the applet stay in memory and continue to run after the user navigates away from the original page?
We are trying to find out if it is possible for a page to load a particular applet that records the URL string of IE browser windows, and have this applet persist throughout the user's browser session, even if they leave the original page, and if they open new browser windows. Is this possible, or is it just crazy?
Thanks for any help!
phong

We are trying to find out if it is possible for a page
to load a particular applet that records the URL
string of IE browser windows, and have this applet
persist throughout the user's browser session, even if
they leave the original page, and if they open new
browser windows. Is this possible, or is it just
crazy?And then make the user crazy trying to download anti spyware and adware and stuff. The question is why do you want the applet to be running once the user has left the page and would you ask for his permission to do so. Just as there is a law for the telemarketing guys there should be another one for these spyware guys who want to run there own agenda on the clients machine without his concent.

Session Timeout Question in EME

If I login to eManager Web and instead of logging out I just close the browser will I be logged out? Will the license be released? What is the session timeout for this and is it possible to set this value?

If you close the browser in e-Manager Enterprise Web instead of logging out there is a TimeOut that will release your license. This can be seen and is reported on in the e-Manager logs. By default the session TimeOut value is 30 minutes. You can find this and/or change this value by opening "<installdir>\Empirix\EmpAppServer\server\default\deploy\jbossweb-tomcat55.sar\conf\web.xml" in a notepad. Once the file is open, go the the ?Default Session Configuration? Section. Here you can change the TimeOut value. You will then need to save the file and restart the Empirix Application Service. The idle sessions are retired after the specified timeout is reached and the licenses are also checked upon this value. I hope this answers your questions.

General Design With Database and Session Bean Question

I have an application I am developing where users connect to individual databases located on a server. When they login an admin table is accessed which shows what databases they have permissions to. I am then storing the connection to the database in a backing bean. Hoping to use this connection throughout the session. Is this a good practice to have a users connection left open over the session? I can't create a database pool for each individual database and each user for that database.
If I can store that database connection in a session bean. How do I access that connection from another bean. Or from another java class? I am using Glassfish for my application server with JSF1.2. I have looked at resource injection but have not had any luck with sharing the session bean information.
Sorry if this is a trivial question. I have been a Java developer for years. But just starting developing webapps using JSF.
Thanks

JuCobb2 wrote:
I am then storing the connection to the database in a backing bean. Hoping to use this connection throughout the session. Is this a good practice to have a users connection left open over the session? No it is not. Why should you do so? Always keep the lifetime of connection, statement and resultset as short as possible.

V$SESSION columns question

Hi Gurus
I have a question regarding of the meaning of some columns in the V$SESSION table. I wonder what does the values in the following columns means?
ROW_WAIT_O
ROW_WAIT_F
ROW_WAIT_B
TADDR
LOCKWAIT
I find out that these columns always have some values when my users unable to log into the application. Even I kill the session that have lockwait, other users are still unable to connect and it happens around once every 2 months.
Thanks for the answer in advanced
Oui

V$SESSION
This view lists session information for each current session.
Column Datatype Description
SADDR
RAW(4 | 8)
Session address
SID
NUMBER
Session identifier
SERIAL#
NUMBER
Session serial number. Used to identify uniquely a session's objects. Guarantees that session-level commands are applied to the correct session objects if the session ends and another session begins with the same session ID.
AUDSID
NUMBER
Auditing session ID
PADDR
RAW(4 | 8)
Address of the process that owns this session
USER#
NUMBER
Oracle user identifier
USERNAME
VARCHAR2(30)
Oracle username
COMMAND
NUMBER
Command in progress (last statement parsed); for a list of values, see Table 3-3. These values also appear in the AUDIT_ACTIONS table.
OWNERID
NUMBER
The column contents are invalid if the value is 2147483644. Otherwise, this column contains the identifier of the user who owns the migratable session.
For operations using Parallel Slaves, interpret this value as a 4-byte value. The low-order 2 bytes of which represent the session number, and the high-order bytes the instance ID of the query coordinator.
TADDR
VARCHAR2(8)
Address of transaction state object
LOCKWAIT
VARCHAR2(8)
Address of lock waiting for; NULL if none
STATUS
VARCHAR2(8)
Status of the session: ACTIVE (currently executing SQL), INACTIVE, KILLED (marked to be killed), CACHED (temporarily cached for use by Oracle*XA), SNIPED (session inactive, waiting on the client)
SERVER
VARCHAR2(9)
Server type (DEDICATED| SHARED| PSEUDO| NONE)
SCHEMA#
NUMBER
Schema user identifier
SCHEMANAME
VARCHAR2(30)
Schema user name
OSUSER
VARCHAR2(30)
Operating system client user name
PROCESS
VARCHAR2(9)
Operating system client process ID
MACHINE
VARCHAR2(64)
Operating system machine name
TERMINAL
VARCHAR2(30)
Operating system terminal name
PROGRAM
VARCHAR2(48)
Operating system program name
TYPE
VARCHAR2(10)
Session type
SQL_ADDRESS
RAW(4)
Used with SQL_HASH_VALUE to identify the SQL statement that is currently being executed
SQL_HASH_VALUE
NUMBER
Used with SQL_ADDRESS to identify the SQL statement that is currently being executed
PREV_SQL_ADDR
RAW(4)
Used with PREV_HASH_VALUE to identify the last SQL statement executed
PREV_HASH_VALUE
NUMBER
Used with SQL_HASH_VALUE to identify the last SQL statement executed
MODULE
VARCHAR2(48)
Contains the name of the currently executing module as set by calling the DBMS_APPLICATION_INFO.SET_MODULE procedure
MODULE_HASH
NUMBER
The hash value of the above MODULE
ACTION
VARCHAR2(32)
Contains the name of the currently executing action as set by calling the DBMS_APPLICATION_INFO.SET_ACTION procedure
ACTION_HASH
NUMBER
The hash value of the above action name
CLIENT_INFO
VARCHAR2(64)
Information set by the DBMS_APPLICATION_INFO.SET_CLIENT_INFO procedure
FIXED_TABLE_SEQUENCE
NUMBER
This contains a number that increases every time the session completes a call to the database and there has been an intervening select from a dynamic performance table. This column can be used by performance monitors to monitor statistics in the database. Each time the performance monitor looks at the database, it only needs to look at sessions that are currently active or have a higher value in this column than the highest value that the performance monitor saw the last time. All the other sessions have been idle since the last time the performance monitor looked at the database.
ROW_WAIT_OBJ#
NUMBER
Object ID for the table containing the ROWID specified in ROW_WAIT_ROW#
ROW_WAIT_FILE#
NUMBER
Identifier for the datafile containing the ROWID specified in ROW_WAIT_ROW#. This column is valid only if the session is currently waiting for another transaction to commit and the value of ROW_WAIT_OBJ# is not -1.
ROW_WAIT_BLOCK#
NUMBER
Identifier for the block containing the ROWID specified in ROW_WAIT_ROW#. This column is valid only if the session is currently waiting for another transaction to commit and the value of ROW_WAIT_OBJ# is not -1.
ROW_WAIT_ROW#
NUMBER
The current ROWID being locked. This column is valid only if the session is currently waiting for another transaction to commit and the value of ROW_WAIT_OBJ# is not -1.
LOGON_TIME
DATE
Time of logon
LAST_CALL_ET
NUMBER
The last call
PDML_ENABLED
VARCHAR2(3)
This column has been replaced by column PDML_STATUS
FAILOVER_TYPE
VARCHAR2(13)
Indicates whether and to what extent transparent application failover (TAF) is enabled for the session:
NONE - failover is disabled for this session
SESSION - the client is able to fail over its session following a disconnect
SELECT - the client is able to fail over queries in progress as well
See Also:
Oracle9i Database Concepts for more information on TAF
Oracle9i Net Services Administrator's Guide for information on configuring TAF
FAILOVER_METHOD
VARCHAR2(10)
Indicates the transparent application failover method for the session:
NONE - failover is disabled for this session
BASIC - the client itself reconnects following a disconnect
PRECONNECT - the backup instance can support all connections from every instance for which it is backup
FAILED_OVER
VARCHAR2(3)
Indicates (YES|NO) whether the session is running in failover mode and failover has occurred
RESOURCE_CONSUMER_GROUP
VARCHAR2(32)
Name of the session's current resource consumer group
PDML_STATUS
VARCHAR2(8)
If ENABLED, the session is in a PARALLEL DML enabled mode. If DISABLED, PARALLEL DML enabled mode is not supported for the session. If FORCED, the session has been altered to force PARALLEL DML.
PDDL_STATUS
VARCHAR2(8)
If ENABLED, the session is in a PARALLEL DDL enabled mode. If DISABLED, PARALLEL DDL enabled mode is not supported for the session. If FORCED, the session has been altered to force PARALLEL DDL.
PQ_STATUS
VARCHAR2(8)
If ENABLED, the session is in a PARALLEL QUERY enabled mode. If DISABLED, PARALLEL QUERY enabled mode is not supported for the session. If FORCED, the session has been altered to force PARALLEL QUERY.
CURRENT_QUEUE_DURATION
NUMBER
If queued (1), the current amount of time the session has been queued. If not currently queued, value is 0.
CLIENT_IDENTIFIER
VARCHAR2(64)
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96536/ch3171.htm#1122127
Joel P�rez

Session Binding Question

Hello All,
I might be missing something, but I am trying to bind a session when a user logs
in and out of my web application in order to be able to actively track online usage,
however I can't seem to get it to work.
I would appreciate any help that may shed some light on the problem.
I invoke the bind listener in a servlet thus:
session.setAttribute("listener", listener);
I have a simple BindListener Class:
import javax.servlet.http.*;
public class BindListener implements HttpSessionBindingListener
public int numSessions = 0;
public BindListener()
public synchronized void valueBound(HttpSessionBindingEvent event)
numSessions++;
public synchronized void valueUnbound(HttpSessionBindingEvent event)
numSessions--;
public int getNumSessions()
return numSessions;
However when I call a jsp page to monitor the online connections with the command
BindListener listener = new BindListener();
listener.getNumSessions()
It always reports a 0 value even though I have serveral sessions running.
Can anyone help explain why the counter is not working?
I would extremely grateful of any assistance on this issue.
Thanks in advance.
Regards
Les,

Greetings,
I would appreciate any help that may shed some light
on the problem.First, it's important to understand a couple things about binding listeners:
1. A session binding listener is an object that listens for its own binding; IOW, it receives notifications when it specifically is bound to or unbound from the session; and
2. A session binding listener is specific to the session to which it is bound.
I invoke the bind listener in a servlet thus:
session.setAttribute("listener", listener);After the container binds the specified listener instance to this particular session, it calls the object's valueBound method...
Conversely, when (after) the object is removed from the session by calling
 session.removeAttribute( "listener" );or
 session.invalidate(); // Which implicitly calls the above ;)then it's valueUnbound method is called.
I have a simple BindListener Class:
import javax.servlet.http.*;
public class BindListener implements
HttpSessionBindingListener
public int numSessions = 0;
public BindListener()
public synchronized void
valueBound(HttpSessionBindingEvent event)Synchronizing this method only keeps multiple threads from concurrently calling it on this instance... Since it's the current container instance that calls these (container callback) methods, there will (should) be only one thread calling it...
numSessions++;
}numSessions will only ever be 1 (at most), since this method only gets called when the instance is bound to the session - which is only when your user logs in. Again, session objects ('listener' or otherwise), unless persisted, exist only for the life of the current session...
public synchronized void
valueUnbound(HttpSessionBindingEvent event)
numSessions--;
}Refer again to the above. Incidentally, what are you trying to achieve with this?
public int getNumSessions()
return numSessions;
}Refer again to the above. :)
However when I call a jsp page to monitor the online
connections with the command
BindListener listener = new BindListener();This simply invokes the class' constructor and - most importantly in this case ;) - creates a new instance of the class, and...
listener.getNumSessions();
It always reports a 0 value even though I haveSince this is a new instance whose 'numSessions' member is initialized to '0', the accessor is reporting correctly.
To get an existing listener object for the current session use:
<jsp:useBean id="listener" scope="session" class="BindListener"/>...then one of:
<jsp:getProperty name="listener" property="numSessions"/>
<%-- or --%>
<%= listener.getNumSessions() %>Keep in mind, however, that the above only retrieves the listener object for, again, the current session and whose 'numSessions' will still only be '1' (as currently implemented ;).
serveral sessions running.A session is a reference to a client's life in the application (refer to thread http://forum.java.sun.com/thread.jsp?forum=13&thread=249978 for further discussion on "session life"); one session cannot access the (in memory ;) information of other sessions...
Can anyone help explain why the counter is not
working?Refer again to all the above. :)
I would extremely grateful of any assistance on this
issue.If your goal is to track "online usage" then you're on the right track. However, as explained, the current implementation will only count the current session. To keep track of all sessions for a user your bean needs to persist and re-load the current count statistics for the user. The following illustrates:
import java.io.*;
import java.util.*;
import javax.servlet.http.*;
* Tracks user login counts. A count of user's accesses is stored
* in a file within the webapp space.
* NOTE: This class is intended only to illustrate a method for
* managing persistent session tracking.
* @author Tony "Vee Schade" Cook, [email protected]
public class SessionTracker implements HttpSessionBindingListener
 * Creates a new session tracking instance.
 * @param sessionFile the user specific session file.
 public SessionTracker( File sessionFile )
 this.sessionFile = sessionFile;
 * Loads current session count.
 public void valueBound( HttpSessionBindingEvent event )
 Properties data = new Properties();
 try {
 data.load( new FileInputStream( sessionFile ) );
 numSessions = Integer.parseInt( data.getProperty( "count" ) );
 catch( Exception ex ) {
 /* Assume no persistent data, or corrupt/invalid...
 * either way, accept default numSessions = 0
 /* Remember this session too! ;)
 numSessions++;
 * Stores current session count for later retrieval.
 public void valueUnbound( HttpSessionBindingEvent event )
 Properties data = new Properties();
 data.setProperty( "count", Integer.toString( numSessions ) );
 try {
 data.store( new FileOutputStream( sessionFile ), sessionFile.toString() );
 catch( Exception ex ) {
 /* Sorry, Charley - "log" the error for the administrator.
 ex.printStackTrace();
 * Returns current session count for this user.
 public int getNumSessions()
 return numSessions;
 private File sessionFile;
 private int numSessions;
}The above should actually be using a database for the persistence if you also want to be able to efficiently access the count statistics from a separate session. Yet, the above illustrates what is needed (session persistence) and should get you started in the right direction. :)
I hope this helps.
Thanks in advance.
Regards
Les,Regards,
Tony "Vee Schade" Cook

Session var question

never mind...got it
Edited by: mbowles on Aug 27, 2009 6:03 AM

To answer your question no. For security reasons, you cannot retrieve a sessoin using its ID.
Is it an extremely secure piece of information?
If the servlet and applet are talking to the same web application, you could possibly pass the data via the application scope (have a map in application scope, keyed by the session ID, and put the value to pass in that)
Its not completely secure, because any servlet/jsp in the application can view that data, but it is a sidestep hack to accomplish what you wish :-)

NI session manager question

I use NI session manager to control instrument,when I get the instrumenthandle and can testing .but my question is :
if I close instrument power and not close NI teststand,but the teststand can run sucess ,my dll document run in demo.
but I think there must be a error ,and the dll return value is 0. in fact ,if the instrument closed, the return value maybe a negative.
how can I deal with it ?

Hello Sean,
I want to make sure I fully understand your question. Do you have a DLL that you are calling in your TestStand sequence as a code module? If so, does a function within the DLL return a negative number if the instrument is not powered? Is your overall question how can you determine whether the return value from the DLL is negative and make a decision based on this result? Thanks in advance for these answers!
Matt G.
National Instruments
Applications Engineering

Session object question put vs. putValue vs. setAttribute?

I have the following code:
<%@ page import="java.util.*" %>
<jsp:useBean id="EducationBean" class="java.util.Hashtable" scope="session" />
<%
String swCurrFileName = "swcontrol.jsp";
Enumeration params = request.getParameterNames();
while (params.hasMoreElements()) {
String name = (String)params.nextElement();
EducationBean.put(name, request.getParameter(name));
%>
My question is I can't find any documentation on the put command, whats the difference between 'put', and 'putValue', and 'setAttribute'? When I try using the 'putValue' or 'setAttribute' command I get errors.
What I'm trying to do is store form values in a session object across several pages, and on the last page display all the form values from the previous pages.

the object you are calling put on is a java.util.Hashtable. put places an object into the table to be keyed off of another object. In your case, your key is the variable name and the object to be stored is your parameter from that name.
the putValue and setAttribute are methods on the session object. They both do the same action as above, but are for HttpSession objects. putValue is deprecated and you should be using setAttribute, but most WebServers have putValue() pointing to the setAttribute() method. hope this helps.

Sessions persist even after logout?

Another problem I am having is that sessions seems to persist even after the portal user has logged out. When I log back in, some settings (which I configured in the previous session) are still set - but I want it reset to the default state.
It holds the session for 1800 seconds (30 minutes) of inactivity before it will clear it... Documentation I read says that the session should be cleared when the user is logged out, but that doesn't seem to be the case.
Suggestions as to what I might be doing incorrectly?
Thanks,
- Nick

Interesting - I didn't know about that (I'm light on the Admin skills of Oracle Portal)...
My logout behaviour is indeed set to "Logout closes both the Login Server application and Single Sign-On sessions" - the single sign-on session duration is 24 hours (but I am not sure it matters).
Something else unusual about the portlet behaviour:
One page I have that has 3 portlets on it (this is a navigation portlet, which remembers your last selected location) - when I logout, that session is cleared (or seems to be)
On the another page I have 2 portlets on it and when I logout, that session is NOT cleared...
Page caching is turned off in both my browser and in Oracle Portal, my portlet has a call to setPageExpires(0)...
The code specifically is:
// get the current session
ProviderSession session = pr.getSession();
// determine the unique parameter to save in the session
String pathURL = PortletRendererUtil.portletParameter( pr.getPortletReference(), "url" );
// get the previous value saved (if there is one)
currentURL = (String) session.getAttribute(pathURL);
// save the new URL
session.setAttribute(pathURL, newURL);

Postmerge session event question

We have implemented a custom session event listener that utilizes the postmerge session event.
We have observed some unexpected behavior and were hoping that the product architect or manager could explain this behavior.
We have the following graph of objects:
A has a many-to-many privately owned collection of B
B in turn has a many-to-many privately owned collection of C
After commiting a transaction involving object A we observe:
postMerge event for A
postMerge event of each of A's privately owned Bs
yet NO postMerge event for any of B's privately owned Cs
Questions:
1) Is this the expected behavior?
2) Since we need to do some processing of Cs, we are using the postMerge event that occurs on Bs to update the Cs. Is this a safe/correct approach?
3) In a transaction that involved only updates to Cs, (no changes to A or B), would we see a postMerge event for each updated C?
Thanks in advance for any clarification you can provide.
...Steve

You could paste the results (tkprof ?) of the trace.
The "missing" time could be an uninstrumented wait --- i.e. a wait event that is not captured in v$session_event. Particularly because you are using external calls.
For example, see "Case Study 1" at http://blog.tanelpoder.com/2007/08/27/advanced-oracle-troubleshooting-guide-part-2-no-magic-is-needed-systematic-approach-will-do/
Hemant K Chitale

Session cookie question?

This is a really stupid question but i need the answer lol is a session cookie and a session the same thing? if not whats different and which is better to use to see if a user is logged on my site?

A "session" is stored in memory on the server and is bound to a specific "sessionId". The sessionId is stored in a cookie by default. When the browser submits the cookie the webserver can use that value to link an existing session to that client.

Authentication & Session Management questions

Hi. Apex 2.2.1. I'm going crazy trying to set up authentication for my application. I'd appreciate any pointers. My scenario is
Siteminder intercepts all calls to the application
User authenticates with Siteminder
If authenticated, Siteminder sets HTTP_SM_USER in the header
If not authenticated, then APEX is never called
Pull the user out of the header
Create a session if needed
Log the user in if needed
Redirect the user to the request page
I've followed the example that I've found in the forum and set up a page sentry function to create a session when the user first comes in. After that I try to verify that the session belongs to them. That's not working because wwv_flow_custom_auth_std.get_username never returns a value. I think that's because I'm not logging the user in to APEX. I can't figure out the difference between wwv_flow_custom_auth_std.post_login and wwv_flow_custom_auth_std.login. (it probably doesn't help that I inherited the application from some consultants that left a year ago and there is no documentation on it or even APEX here at my site).
Mike

Thanks, Scott. The problem is that it seems to keep looping. You can see from the log that it creates the session, then invalidates it, then creates it, etc.
Mike
debug log
 384 1000 Enter 604 - 1 user MDHENDER session NOT valid
 384 4000 session is NOT valid
 384 4100 dn_network_id is acct\mdhender
 384 5000 creating a new session
 384 5010 created new session
 384 6000 setting up follow up url
 384 6010 follow up url is 604:1:
 384 7000 register new session
 384 7010 registered session
 384 9000 clean exit
 385 1000 Enter 604 - 1 user MDHENDER session valid
 385 3000 session is valid 1707655438517376
 385 3010 authenticated user MDHENDER cookie
 385 3100 marker
 385 3200 marker
 386 1000 Enter 604 - 1 user MDHENDER session NOT valid
 386 4000 session is NOT valid
 386 4100 dn_network_id is acct\mdhender
 386 5000 creating a new session
 386 5010 created new session
 386 6000 setting up follow up url
 386 6010 follow up url is 604:1:
 386 7000 register new session
 386 7010 registered session
 386 9000 clean exit
 387 1000 Enter 604 - 1 user MDHENDER session valid
 387 3000 session is valid 2743127946937676
 387 3010 authenticated user MDHENDER cookie
 387 3100 marker
 387 3200 marker
Here is the code
<code>
CREATE OR REPLACE FUNCTION lmf_siteminder_page_sentry RETURN BOOLEAN IS
vAuthenticatedUsername VARCHAR2(512);
vCurrentSessionId NUMBER;
vDeclaredUser VARCHAR2(512);
vLogFlag VARCHAR2(1);
vMaxIdleMinutes NUMBER := 15;
vNextPage VARCHAR2(1024);
vTransNo NUMBER;
PROCEDURE log_msg(vFlag in varchar2,
vTransNo in number,
vSeqNo in number,
vMessage in varchar2) is
pragma autonomous_transaction;
BEGIN
IF vFlag = 'Y' THEN
insert into sm_debug_log
(transno, seqno, msg)
values
(vTransNo, vSeqNo, vMessage);
commit;
END IF;
EXCEPTION
WHEN OTHERS THEN
rollback;
raise;
END;
-- determine if the siteminder user is authorized
FUNCTION CheckAuthorizedUser(vUserName in varchar2) return boolean is
vDeclaredUser VARCHAR2(512);
BEGIN
-- verify that the user is supposed to have access to the application.
-- a quick check of the authorized users table will settle that question
select dn_network_id
into vDeclaredUser
from user_authorization
where UPPER(network_id) = UPPER(vUserName);
return true;
EXCEPTION
WHEN OTHERS THEN
return false;
END;
-- if the session cookie's user matches our authenticated user then
-- return true
FUNCTION CheckCookieUser(vUserName in varchar2) return boolean is
BEGIN
IF vAuthenticatedUsername = wwv_flow_custom_auth_std.get_username THEN
return true;
END IF;
return false;
END;
FUNCTION URLRedirect(vUrl IN varchar2) return boolean is
BEGIN
log_msg(vLogFlag, vTransNo, 9999, 'redirect => ' || vUrl);
owa_util.redirect_url(vUrl, true);
wwv_flow.g_unrecoverable_error := true;
return false;
END;
BEGIN
BEGIN
select debug, sm_seq_no.nextval
into vLogFlag, vTransNo
from sm_settings;
EXCEPTION
WHEN OTHERS THEN
vLogFlag := 'N';
END;
-- get authenticated user from siteminder. APEX may expect it
-- to be upper case
vAuthenticatedUsername := UPPER(lmf_siteminder_user());
IF wwv_flow_custom_auth_std.is_session_valid THEN
log_msg(vLogFlag,
vTransNo,
1000,
'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
' user ' || nvl(vAuthenticatedUsername, '*null*') ||
' session valid');
ELSE
log_msg(vLogFlag,
vTransNo,
1000,
'Enter ' || v('APP_ID') || ' - ' || v('APP_PAGE_ID') ||
' user ' || nvl(vAuthenticatedUsername, '*null*') ||
' session NOT valid');
END IF;
-- no surprise here - let anyone view a page flagged as public
IF htmldb_custom_auth.current_page_is_public THEN
log_msg(vLogFlag, vTransNo, 1010, 'current page is public');
return true;
END IF;
-- redirect all unauthorized users to our no-access page
IF not CheckAuthorizedUser(vAuthenticatedUsername) THEN
-- send the user to our unathorized page
log_msg(vLogFlag,
vTransNo,
1100,
'unable to find dn_network_id for authenticated user ' ||
lmf_siteminder_user());
log_msg(vLogFlag,
vTransNo,
1110,
'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
':105:' || vCurrentSessionId || ':');
return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
vCurrentSessionId || ':');
END IF;
-- use the current session if it is valid and assigned to
-- our authenticated user
IF wwv_flow_custom_auth_std.is_session_valid THEN
vCurrentSessionId := wwv_flow_custom_auth_std.get_session_id_from_cookie;
log_msg(vLogFlag,
vTransNo,
3000,
'session is valid ' || vCurrentSessionId);
log_msg(vLogFlag,
vTransNo,
3010,
'authenticated user ' || vAuthenticatedUsername || ' cookie ' ||
wwv_flow_custom_auth_std.get_username);
-- if the session cookie's user matches our authenticated user then
-- accept it and proceed with displaying the page
IF CheckCookieUser(vAuthenticatedUsername) THEN
wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
p_session_id => vCurrentSessionId);
return true;
END IF;
log_msg(vLogFlag, vTransNo, 3100, 'marker');
-- the names do not match. assume that someone hijacked the session.
-- invalidate it and bump them out
-- Unset the session cookie and redirect back here to take other branch
wwv_flow_custom_auth_std.logout(p_this_flow => v('APP_ID'),
p_next_flow_page_sess => v('APP_ID') || ':' ||
nvl(v('APP_PAGE_ID'),
0) || ':' ||
vCurrentSessionId);
wwv_flow.g_unrecoverable_error := true;
log_msg(vLogFlag, vTransNo, 3200, 'marker');
-- tell APEX that we are not pleased
return false;
END IF;
log_msg(vLogFlag, vTransNo, 4000, 'session is NOT valid');
-- we did not have a valid session so verify that the user is supposed
-- to access our application. a quick check of the authorized users
-- table will settle that question for us
BEGIN
select dn_network_id
into vDeclaredUser
from user_authorization
where UPPER(network_id) = vAuthenticatedUsername;
log_msg(vLogFlag, vTransNo, 4100, 'dn_network_id is ' || vDeclaredUser);
EXCEPTION
WHEN NO_DATA_FOUND THEN
-- send the user to our unathorized page
log_msg(vLogFlag,
vTransNo,
4900,
'unable to find dn_network_id for authenticated user ' ||
vDeclaredUser);
log_msg(vLogFlag,
vTransNo,
4910,
'try a redirect to ' || '/pls/apex/f?p=' || v('APP_ID') ||
':105:' || vCurrentSessionId || ':');
return URLRedirect('/pls/apex/f?p=' || v('APP_ID') || ':105:' ||
vCurrentSessionId || ':');
END;
-- create new session
log_msg(vLogFlag, vTransNo, 5000, 'creating a new session');
wwv_flow_custom_auth.define_user_session(p_user => vAuthenticatedUsername,
p_session_id => wwv_flow_custom_auth.get_next_session_id);
log_msg(vLogFlag, vTransNo, 5010, 'created new session');
wwv_flow.g_unrecoverable_error := true;
-- set cookie
-- set the followup URL to page 1
log_msg(vLogFlag, vTransNo, 6000, 'setting up follow up url');
vNextPage := to_char(wwv_flow.g_flow_id) || ':1:';
log_msg(vLogFlag, vTransNo, 6010, 'follow up url is ' || vNextPage);
--wwv_flow_custom_auth.remember_deep_link(p_url => vNextPage);
--log_msg(vLogFlag, vTransNo, 6020, 'completed follow up url');
--IF owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' THEN
-- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?' ||
-- wwv_flow_utilities.url_decode2(owa_util.get_cgi_env('QUERY_STRING')));
--ELSE
-- wwv_flow_custom_auth.remember_deep_link(p_url => 'f?p=' ||
-- to_char(wwv_flow.g_flow_id) || ':' ||
-- to_char(nvl(wwv_flow.g_flow_step_id,
-- 0)) || ':' ||
-- to_char(wwv_flow.g_instance));
--END IF;
-- register new session with the application
log_msg(vLogFlag, vTransNo, 7000, 'register new session');
if 0 < 1 then
wwv_flow_custom_auth_std.post_login(p_uname => vAuthenticatedUsername,
p_flow_page => vNextPage);
log_msg(vLogFlag, vTransNo, 7010, 'registered session');
else
wwv_flow_custom_auth_std.login(P_UNAME => vAuthenticatedUsername,
P_PASSWORD => 'dummy',
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => v('APP_ID') || ':1');
log_msg(vLogFlag, vTransNo, 7011, 'registered session');
end if;
if 0 > 1 then
owa_util.mime_header('text/html', FALSE);
owa_cookie.send(name => 'LOGIN_USERNAME_COOKIE',
value => vAuthenticatedUsername,
expires => null,
path => '/',
secure => 'yes');
owa_cookie.send(name => 'HTMLDB_IDLE_SESSION',
value => to_char(sysdate + (vMaxIdleMinutes / 1440),
'DD-MON-YYYY HH24:MI:SS'),
expires => null,
path => '/',
secure => 'yes');
end if;
log_msg(vLogFlag, vTransNo, 9000, 'clean exit');
-- tell htmldb engine to quit
return false;
EXCEPTION
WHEN OTHERS THEN
return false;
END;
</code>

Customer login session tracking questions

Hi,
I work for a research support group at a university. We have a mixed platform environment. The nature of the services we provide requires that we bill for time spent on out compute devices.
There are a couple of questions in this posting. The fundamental one though is -- for 10.4 and higher Macs running on Intel and non-Intel hardware what is the "best" solution to track login sessions for our customers? A session has to include the concepts of logging in and out from the console or remote (ssh) access to the machine(s).
I am interested in Apple native and third party or open source solutions. I need to track/log that customer-X logged in to machine-M at dateTime-T and logged out at dateTime-T'. I also need to know if the machine was (re)booted or had some other action occur that would impact a customer login session.
So the main question is, are there existing customer session tracking solutions?
I have an existing home grown (non-Intel) solution that works well on non-Intel macs and other *nix boxes. It is a daemon that reads accumulated, rotated wtmp files and then "hangs" on the current wtmp file waiting for and processing session records as they arrive.
This worked like a champ until we installed our first Intel Mac. I re-compiled the C code that uses the utmp.h include files and structs to get at the info but it silently fails. I received some advice on changing my make file and am currently using:
# Mac OS
CC = gcc -Wall -g
CFLAGS = -I/usr/include/mysql -isysroot \
/Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386 \
-framework CoreServices
LDFLAGS = -L/usr/lib/mysql -lmysqlclient -lz \
-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk \
-arch ppc -arch i386
PLATFORM = osx
wtmp_parser: wtmp_parser.c
${CC} ${CFLAGS} -o $@ $? ${LDFLAGS}
/bin/mv $@ $@.${PLATFORM}
Again, this compiles without error but silently fails. I don't know anything about compiling on any Macs, much less these new ones. Ideas are greatly appreciated.
Lastly, I have started reworking the whole setup and may move it all to perl. Here I can read the wtmp files easily using unpack() even on the Intel Macs. I can daemonize the thing but I'm stumbling a bit on one issue.
I have noticed in the past that there can be a sort of race condition during the wtmp rotation on some machines where the active wtmp gets rotated but the old logging still writes one or two records to the rotated file before switching to the new one. I was starting to look into a programmatic solution for this when I looked at the rotated wtmp files on this one machine and I see file dates of:
Dec 5 15:29 wtmp
Oct 1 01:47 wtmp.0.gz
Aug 29 16:05 wtmp.1.gz
Aug 1 05:29 wtmp.2.gz
Jul 31 18:26 wtmp.3.gz
May 31 2007 wtmp.4.gz
Okee... I know there is a /etc/monthly script that should be doing the rotation but it looks like it is not doing what I expect. It seems that it is not rotating all the existing files correctly. Ideas?

I am done. Sorry for bothering

Session Persistance Question

Similar Messages

Maybe you are looking for