Session regeneration at every request

Similar Messages

• New session created with every request

  Hi there,
  I have an web application that we used to deploy on tomcat, websphere and bea without any trouble. We are trying to move to support OAS and the application gives this peculiar behavior:
  A new session is created with every single request by the client browser. I have searched these forums for the better part of today and read some interesting similar cases but none of the fixes seem to have any effect on my problem.
  Is there a different way I need to request the session object from the request in the app for OAS? Or is there a configuration that I should have? I am deploying the app as a .war file. Is there a better way to deploy on OAS, should I stick the war in a .ear?
  Any help on this would be most greatly appreciated!
  Thanks,
  -Adam

  I have a problem that matches with this subject line but its somewhat different. This original posting wants to create new session and invalidate the existing one but my problem is to keep the session invalide if it has expired for the browser.
  Anyways, here is my problem. I have JSP named entity_actions.jsp which has 3 pop-up links that opens up with code like:
  window.open('restaurantentry.do?entityName=restaurant')
  window.open('districtentry.do?entityName=district')
  window.open('baseentry.do?entityName=base')
  My web.xml has this tag:
  <session-config>
  <session-timeout>5</session-timeout>
  </session-config>
  And the way forward the response for each request is:
  context.getRequestDispatcher(urlString).forward(request, response);
  The code I check for session timeout is:
  private void checkForSessionTimeOut(HttpServletRequest request)
  throws SessionTimeoutException
  HttpSession current_session = request.getSession(false);
  logger.info(CLASS_OBJECT, "Session in checkForSessionTimeOut(): "+current_session);
  if (current_session == null)
  logger.error(CLASS_OBJECT, "SessionTimeOutException has thrown.");
  throw new SessionTimeoutException("sessionTimeOut");
  Now lets say I want to show the end user session expiry page after 5 mins of idle time. Now from entity_actions.jsp when I click/open any one popup first time after 5 mins of idle time/session expire,
  logger.info(CLASS_OBJECT, "Session in checkForSessionTimeOut(): "+current_session);
  this loggers shows current_session as 'null' and I can display session exp mesg on the popup page. But when I click/open any other popup or any other link on the page it DOES WORK instead of having current_session = null, it creates new one. And I can see the sessionid which is different than fist session created on the same base page/browser.
  The same pattern of code used to work on Tomcat and JRun before for showing consistant session expiry on all the clicks being made on the same browswer after session gets expire.
  Why OC4J / JDev 10.1.3 is creating new session on the same browser even after session has expired?
  How can I fix this?
  Thanks

• Session is set for every request

  Hi,
  With WL Server 6.1SP1 we have some peculiar problem. Every request
  is considered as a new request and a new session object is created. So
  the information we stored in the session is no longer available for
  subsequent requests. This behaviour is seen intermittently. Session is
  not invalidated and session is not timed out.
  Thanks,
  Prasad

  Try:
  - Reset the iOS device. Nothing will be lost
  Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
  least ten seconds, until the Apple logo appears.
  - Reset all settings      
  Go to Settings > General > Reset and tap Reset All Settings.
  All your preferences and settings are reset. Information (such as contacts and calendars) and media (such as songs and videos) aren’t affected.
  - Restore from backup. See:                                 
  iOS: How to back up                                                                
  - Restore to factory settings/new iOS device.             
  If still problem, make an appointment at the Genius Bar of an Apple store since it appears you have a hardware problem.
  Apple Retail Store - Genius Bar                                      

• Losing portelt session after every request

  Using bwa wl portal server 8.1 on wxp sp2
  Hello all
  We wrote some JSR 168 compliant portlets and deployed them accoring to the bea doc. Basically our portlets seem to work. However, there are some issues that could be tracked down to one problem:
  Somehow the session gets lost on every request! One action request uses the same portlet session during action/render cycle, but two consecutive calls to the same portal page yield different sessions, so holding any session variables is next to useless.
  The deployment szenario is this:
  Using bea workshop i created an application and deployed our complete jsr168 portal application. Since bea does not enforce a login/does not impose any login restrictions, i created another application which imported a second portal project, which used the first application as a wsrp portlet provider.
  The second application merily consists of a web.xml containing only security restrictions:
  <web-app id="WebApp">
  <display-name>Livelink Portal Integration Kit</display-name>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Portal</web-resource-name>
  <description>Security constraint for the whole portal</description>
  <url-pattern>/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <description>all users</description>
  <role-name>Users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>default</realm-name>
  </login-config>
  <security-role>
  <role-name>Users</role-name>
  </security-role>
  </web-app>
  At first i tried to add these security restrictions to the wsrp application but then the wsrp provider could not be reached so i split the applications.
  So - how do i prevent bea from created a bunch of sessions? What am i doing wrong?

  Hi
  In server.xml, do you have cookies=true for both contexts (and the defaultContext)? I'm not sure how it would behave if one context was true and the other false.
  Alternatively, could it have something to do with the crossContext attribute?
  --Jon                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Is lookup required for every request(SLSB)?

  Hi,
  I have a SLSB and a client that makes frequent requests as needed. The question is, should the client make a fresh lookup for every request in a session or just once per session?
  I have tried both the ways and got it to work...but can someone tell me the correct approach for lookup?
  thanks in advance.

  Thanks for the reply!
  By your statment that EJB Home Handle can be cached, I understand the following..
  MyBeanRemote mybean = null; // declaring as class variable.
  // making a request
  if(mybean==null)
  lookupBean();
  mybean.doSomething();
  // making next request
  if(mybean==null)
  lookupBean();
  mybean.doSomethingMore();
  // here goes the lookup...
  lookupbean() {
     mybean = ...lookup("......");
  }so, this is how before each request, I check if the mybean is null. in lookupBean(), the bean-lookup process is executed and reference is set to mybean.
  am I right?

• Specify filter for every request except one

  Can a in me web.xml file specify that a filter should be used for every request except one.
  I can write;
  <filter-mapping>
       <filter-name>MyFilter</filter-name>     
       <url-pattern>/*</url-pattern>
  </filter-mapping>
  to use it on every request. But how do I exclude one specific resource that shouldn't go though the filter.
  I know that this may not be exactly the right forum but i'm really lost. I appreciate all suggestion.
  Thanks / Daniel

  This is the right forum, but unforutanetly you cannot exclude some urls.
  I would suggest you handle that logic in the filter itself.

• Servlet 2.3 - Filters for every request to the WebContainer

  I want to filter every request to the web container. How do I deploy the filter without confining it to a particular context? For example, I would want to filter everything that went to www.bea.com. But if I deploy it as a webapp, it will only filter from www.bea.com/mywebapp. So I lose any request that go to www.bea.com/anothercontext. I have tried mapping the filter to the FileServlet, but once again, it only works inside of the context of the webapp.
            Is there a way to map the Filter to the docroot of the server?
            I am using Weblogic 6.1 and am currently deploying every thing as a .war file
            

  yep - thats my understanding
            I dont know of a way to deploy a single filter at the server level that
            covers all webapps. I'm not saying there isnt a way - I don't know of one
            Anyone out there know for sure?
            "Chip Sands" <[email protected]> wrote in message
            news:[email protected]...
            >
            > Please correct me if I am wrong, but that would mean that I would have to
            deploy
            > my filter into every webapp on the server because "/" is relative to the
            context.
            >
            > Unfortunately, that is not an option for me. I do not have knowledge of
            the other
            > webapps deployed on the server, but am required to have all requests to
            those
            > contexts go through my filter.
            > I was hoping there was a way to deploy a filter outside of a webapp and
            stick
            > it at the docroot of the server.
            >
            > Chip
            > "Matt Krevs" <[email protected]> wrote:
            > >I'm not sure you can do this
            > >
            > >The only way I can think of is to deploy your filter in all of your web
            > >apps
            > >and map it against the root context of each web app
            > >
            > >What happens if you deploy the filter within the default web app that
            > >has a
            > >context of "/" ?
            > >
            > >"Chip Sands" <[email protected]> wrote in message
            > >news:[email protected]...
            > >> I want to filter every request to the web container. How do I deploy
            > >the
            > >filter without confining it to a particular context? For example, I
            > >would
            > >want to filter everything that went to www.bea.com. But if I deploy
            > >it as a
            > >webapp, it will only filter from www.bea.com/mywebapp. So I lose any
            > >request that go to www.bea.com/anothercontext. I have tried mapping
            > >the
            > >filter to the FileServlet, but once again, it only works inside of the
            > >context of the webapp.
            > >> Is there a way to map the Filter to the docroot of the server?
            > >> I am using Weblogic 6.1 and am currently deploying every thing as a
            > >.war
            > >file
            > >
            > >
            >
            

• How to map every  request url to one servlet

  HI experts,
  I have a requirement like below,
  i want to map every request to a uinque servlet.
  http://localhost/krish/images/kk,gif
  http://localhost/krish/images/rao,gif
  http://localhost/krish/images/hh,jpg
  http://localhost/krish/images/srn.txt
  http://localhost/krish/images/hel.wav
  etc.............the no requests unlimited.
  So if i write mapping in web.xml its hard to write hundreds of urls.
  so i need some other process to map all these urls to one servlet ( processrequest.java)
  which will process all those requests.
  How do i do it?
  thanks in advance

  use url-pattern as /images/* then it will call the same servlet for all URL like you mentioned

• Alternatives to loading .properties files for every request

  I am just starting for a company, and they loading a bunch of .properties files for every request. I've told them that according to JEE specs, using the file system like that is a violation, as it's not scalable. I've suggested the following alternatives:
  1. Load a file once, in a static initializer, or something to that effect. Re-start the app if a change needs to be made in properties.
  +: few changes
  -: requires a new war/ear to make a change
  2. Put properties that are truly variable in a database record.
  -: requires DB schema change.
  3. For instance, i've though about using something like jconsole to change an mbean property, and then web apps using that property.
  4. Define a single web app that exposes an EJB/JMS/RMI object which serves properties to other web apps. If a change is needed, only 1 web app needs to be re-started, although it would still have to be re-packaged. Perhaps this app could load this stuff from the DB.
  5. Have a properties service, and expose it as an RMI object. If a change needs to be made on the fly, use rmi to make the updates.
  I'm leaning towards a combination of 1, 5, and possibly 4.
  I would like to know what other alternatives might be available.
  Thanks.

  I am just starting for a company, and they loading a
  bunch of .properties files for every request. I've
  told them that according to JEE specs, using the file
  system like that is a violation, as it's not
  scalable. well, it's just boneheaded that's all
  I've suggested the following alternatives:
  1. Load a file once, in a static initializer, or
  something to that effect. Re-start the app if a
  change needs to be made in properties.that's what most people do
  2. Put properties that are truly variable in a
  database record.well, databases don't normally hold config info, but you can do what you want
  -: requires DB schema change.
  3. For instance, i've though about using something
  like jconsole to change an mbean property, and then
  web apps using that property.
  4. Define a single web app that exposes an
  EJB/JMS/RMI object which serves properties to other
  web apps. If a change is needed, only 1 web app needs
  to be re-started, although it would still have to be
  re-packaged. Perhaps this app could load this stuff
  from the DB.doing EJB or RMI for getting properties sounds like overkill in the extreme to me

• Client handler is invoking for every request.

  Hi EveryOne
  i am new to JAXWS welogic.
  i have a web consumer/client, while sending the request from client the handler is invoking for every request. I could not able to restrict.
  i would like to intialize only once and need to use that instance like (init() method initialization). How to resolve this issue.
  can anyone come across a solution for JAX-WS in general? Please throw your thoughts here.
  Any help in this regard would be appreciated.
  Thanks & Regards
  Suresh

  Two common reasons for this are:
  (1) Problem with the system clock: date, time, or time zone differs substantially from the rest of the internet
  (2) Firefox not set up to work with your security software that filters your web traffic
  In order to filter secure traffic, your security software needs to present "fake" certificates to Firefox so it can be the "man in the middle" and see everything sent to and from the site. Firefox distrusts the fake certificates until instructed otherwise.
  Do you use any software with that kind of feature? On Windows, products with that feature include avast! 2015, Bitdefender, ESET, and Kaspersky.
  A less common problem is malware performing a "man in the middle" attack.

• New instance for every request to Servlet

  I want to create new instance for every request to Servlet ...
  I am running my servlet on weblogic

  Hi!
  what functionality can there be that has to be put into init()?
  Another idea:
  why not include your needed functions in a private method within the servlet and call this method from init() and from doPost/doGet so it is processed any time the servlet is called?
  btw: more instances of the same servlet seems to me as going back to the roots (cgi).
  Thomas.

• Session replication at every http request

  Hi everybody
  I'm trying to use ZKoss Framework (www.zkoss.org) to develop a
  web application and deploy it in a Clustered WebLogic Server.
  The main issue I'm facing is that the "state" of the visual interface
  is stored inside the http session, and so, when node that handle
  the http request changes, the state is resetted and then the page changes,
  even if there was no user intervention.
  So I need to replicate the whole session at every http request,
  to prevent strange behaviours when the request handler node's changes.
  Do you know some settings that will force WebLogic Server to replicate the whole
  session at every http request?
  Thanks in advance.
  bye.

  Hi Marco,
  Yes, You are right But You NEED NOT to put setAttribute("key","value")...code in all your JSPs. because if the Attribute data of Session is changed then Automatically it will be replicated (only the Changed Data and not the Data which is unchanged). Even we need not to worry about replicating the Unchanged Data Again...And WebLogic will take care of ChangedData by itself. There is no other alternate solution available in weblogic to do this...Even no such similar Element available in Deployment descriptors as well.
  Actual Link is Broken http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs90/cluster/failover.html
  Any way i am copy-pasting few Lines from E-Docs (the actual link i am not able to find ..but may be u can open the cached page:
  http://74.125.153.132/search?q=cache:bxTbqJEsQTsJ:download-llnw.oracle.com/docs/cd/E13222_01/wls/docs90/cluster/failover.html+setAttribute+Session+replication+weblogic&cd=6&hl=en&ct=clnk&gl=in
  ---------------------------If you are not able to open the link then please refer to the E-Docs copy-paste content below --------------------------
  Programming Considerations for Clustered Servlets and JSPs
  This section highlights key programming constraints and recommendations for servlets and JSPs that you will deploy in a clustered environment.
  Session Data Must Be Serializable
  To support in-memory replication of HTTP session states, all servlet and JSP session data must be serializable.
  Note:     Serialization is the process of converting a complex data structure, such as a parallel arrangement of data (in which a number of bits are transmitted at a time along parallel channels) into a serial form (in which one bit at a time is transmitted); a serial interface provides this conversion to enable data transmission.
  Every field in an object must be serializable or transient in order for the object to be considered serializable. If the servlet or JSP uses a combination of serializable and non-serializable objects, WebLogic Server does not replicate the session state of the non-serializable objects.
  Use setAttribute to Change Session State
  In an HTTP servlet that implements javax.servlet.http.HttpSession, use HttpSession.setAttribute (which replaces the deprecated putValue) to change attributes in a session object. If you set attributes in a session object with setAttribute, the object and its attributes are replicated in a cluster using in-memory replication. If you use other set methods to change objects within a session, WebLogic Server does not replicate those changes. Every time a change is made to an object that is in the session, setAttribute() should be called to update that object across the cluster.
  Likewise, use removeAttribute (which, in turn, replaces the deprecated removeValue) to remove an attribute from a session object.
  Note:     Use of the deprecated putValue and removeValue methods will also cause session attributes to be replicated.     
  Thanks
  Jay SenSharma
  Edited by: Jay SenSharma on Feb 11, 2010 10:24 PM
  Edited by: Jay SenSharma on Feb 11, 2010 10:26 PM

• Session gets created for every request.

  Hi ,
  I have two servlets where i set a object in the session in one servlet say servlet1.java and get in another servlet say servlet2.java.
  When i pass my session object from servlet1 to servlet 2 , servlet2 is supposed to get the arrtibute , but its always gives me a null value.
  I found out that a new session is getting created every time when i try to access servlet2.
  I tried to print the session object , and it clearly tells me that the object is differet from the one i set.
  Can anyone let me know why is this happening and how do i solve this .
  This happens for me in weblogic 8.1 setup.
  In my JBOSS set up with the same code it works fine.
  Thanks in advance.

  Sasikanth,
  Pardon me if I am stating the obvious, but according to your description the problem is with WebLogic. So did you try a WebLogic specific forum?
  Good Luck,
  Avi.

• New session created with every page request

  Hi,
  I have an application running in portal framset. A user logins into a portal and has access to several applications, that are displayed in a frameset. My application is creating a new session for every page in the application. Of course, I can't keep session variables and a large amount of sessions are being created. What could be the reason for this, and is there a work around?
  Thanks.

  There is a chance the you have cookies turned off. Sessions are maintained via a jsessionid which is stored in a user cookie. If you (or another user) don't use cookies, then the session will be lost.
  To fix this, every URL you use must be encoded, such that, if cookies are not used, the jsessionid is attached to the end of the URL. If you are using JSTL, the easiest way to do this is like this:
  <c:url var="formAction" value="someOtherPage.jsp"/>
  <form action="<c:out value="${formAction}"/>" method="GET">
  <c:url var="nextPage" value="nextInLine.jsp"/>
  <a href="<c:out value="${nextPage}"/>">Next</a> Or if you are not using JSTL, you can use scriptlets:
  <%
    String formAction = response.encodeURL("someOtherPage.jsp");
  %>
  <form action="<%= formAction %>" method="GET">
  <%
    String nextPage = response.encodeURL("nextInLine.jsp");
  %>
  <a href="<%= nextPage %>">Next</a>

• Problem in ACS5.1 : "EAP session timed out", "RADIUS Request dropped "

  Hi .
  Part of my access points do not want to authenticate wi-fi users (through Radius server and Microsoft AD) .
  The scheme is: wi-fi PC-access point -ACS server 5.1 (Radius)-Microsoft AD
  After I  configured some AP, next logs we can see :
  EAP session timed out (many)
  RADIUS Request dropped (many)
  Could not establish connection with ACS Active Directory agent
  User's Groups retrieval from Active Directory failed
  The user is not found in the internal users identity store.
  Another part of devices (AP) works well.
  Anyone can help me to solve this problem please?

  Hi Nicolas.
  In logs usually we see some steps of beginning relations between devices. But here we see only one log line:
  What can it mean?
  The other messages seem to indicate that there is a problem with your AD. Did you test the bind ? Can you retrieve the AD groups list from ACS ?
  Yes, we tested relations between AD and ACS, AD groups list retrieve fine from AD. In addition half of devices in network works fine: wi-fi devices authenticates excellent .
  Do you use AD with the ACS for another part of your network that would be working fine ?
  Yes, there is single AD and ACS.