Session Timeout and DAD Authentication
My application uses the authentication scheme 'No authentication (using DAD)'. The users log in from an external program and the user IDs are captured in the variable remote_user. My authorization scheme checks that the user ID exists in a database table. All this seems to work fine.
However, I need to implement a session timeout on the application. I've followed the steps described in the "Automatic Session Timeouts" utility in the Application Express Studio but when I tried to modify the authentication scheme by adding:
return auth_pkg.check_timeout;
to the Session Verify Function I got the following errors:
No functional attributes may be set when page sentry function is '-DATABASE-'.
and
Session verification function may not be specified if page sentry function is specified.
I'm new to Apex and I don't know where to go from here. Any advice please?
Thanks
Maria
Maria,
The usual way to do the authentication part is to use a custom page sentry function. Many examples have been posted on the forum based on the ntlm page sentry code. Search for those keywords here (ntml page sentry) and you should find it easily. Then you can modify it by adding the session timeout logic in that function.
Scott
Similar Messages
-
Session timeout and Custon login module
Hi,
Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
How can I make the system not attempt to login the anonymous user and have the filter code run?
TIA, Dave
package isdbs.view.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ApplicationSessionExpiryFilter implements Filter {
private FilterConfig _filterConfig = null;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
public void destroy() {
_filterConfig = null;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession = ((HttpServletRequest)request).getSession().getId();
boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
// if the requested session is null then this is the first application
// request and "false" is acceptable
if (!sessionOk && requestedSession != null){
// the session has expired or renewed. Redirect request
((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
else{
chain.doFilter(request, response);
}Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
WARNING: Login Failure: all modules ignored
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
at java.lang.Thread.run(Thread.java:595)
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
FINE: JAAS-OC4J: Authentication failure for user: null
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymousI added an HttpSessionListener upon login here's what I get:
09/03/31 08:21:25 Inside sessionCreated
09/03/31 08:21:25 Before New session createb = 0
09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:21:25 After New session count = 1
At session timeout here's what I get:
09/03/31 08:23:27 Count before destroyed = 1
09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 Count after destroyed = 0
09/03/31 08:23:27 Inside sessionCreated
09/03/31 08:23:27 Before New session createb = 0
09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 After New session count = 1
Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
Thanks,
Dave -
Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?
Any call made from the API will automatically be set to the “Session Timeout” period, no matter
what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
Short Session Timeout and Session Timeout in Excel Services
Short Session Timeout and Session Timeout in Excel Services - Part 2
Sessions and session time-outs in Excel Services
above links are from old version but still applies to all.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Session Timeout and Dynamic Actions
Did anybody ever use the Session Timeout feature in APEX successfully?
I have set an idle session timeout and provided an url to redirect to once the session is expired: Home > Application Builder > Application nnn > Shared Components > Edit Security Attributes > Session Timeout
It works so far during the page rendering and page processing phase. But I have major problems with dynamic actions and custom ajax requests.
Dynamic actions will just hang and simply don't return. Even worse, when I execute the dynamic action once the session is expired, the session seems to be physically deleted and thus the next click on a tab will not redirect to the expiration page but go straight to the login page.
Did anybody make it work or is the best way to implement a custom session timeout?
Thanks,
Dietmar.Hi All,
Check out the Session Timeout plug-in available here:
http://skillbuilders.com/plugins
Let me know if that helps.
Regards,
Dan
blog: http://DanielMcghan.us/
work: http://SkillBuilders.com/APEX/ -
Session Timeouts and SmbServer
Hi,
When having iFS mapped to a network drive (via SMB), the SMB server
is unable to recover from a timeout of the LibrarySession. The network
drive then seems to be empty and doing a refresh within explorer
doesn't help either. The only thing that helps, is remapping the
network drive.
Within Node.log of iFS I see this stacktrace.
7/10/02 9:02 AM SmbServer: oracle.ifs.common.IfsException
oracle.ifs.common.IfsException: IFS-21000: Session is not connected or has timed-out
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.beans.LibraryObject.verifyConnected(Compiled Code)
at oracle.ifs.beans.Folder.findPublicObjectByPath(Compiled Code)
at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
at oracle.ifs.protocols.smb.server.DbTree$DbQuery.<init>(Compiled Code)
at oracle.ifs.protocols.smb.server.DbTree.getQuery(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.trans2FindFirst(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.replyTransaction2(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.process(Compiled Code)
at oracle.ifs.protocols.smb.server.ComSmb.handleSmbMessage(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.handleNbMessage(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.readPackets(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.run(Compiled Code)
This behavior actually causes us big problems when editing files via MS Office.
Fortunately Office is able to still save it's data using some generated filename.
(At least until now I could not create any data loss)
But then you have to close it, remap then network drive, rename the file and then
reopen the file. This is big trouble to users, which are not familiar with mapping
network drives and renaming files with extensions.
Is there a way to make the SmbServer keep the LibrarySession alive, as long as
the network drive is mapped ?
Regards,
Jens LorenzWorkflow #2:
Login to my account
Click view all email
Open Drafts Folder
Open draft email response
Select "Send" to send email (total in session time of 30 seconds)
On screen reload, where I would expect to see some sort of indication that my email was successfully sent, instead the system throws session time out message and kicks me out.
I have no idea if my email was successfully sent or not.
Workflow #3:
Login to my account
Click view all email
Attempted to open the first new email in my inbox (total time in session <15 seconds)
System throws session timeout error and kicks me out to the main login.
There is obviously something going on with your session holding code. The session variable is not being passed correctly or something but it's very, very frustrating to spend 30-45 minutes trying to type out a couple of lines, particularly when you have multiple important activities going on that you need to respond too via email. -
Session timeout and custom sso
Hi,
can anyone tell me how the session and idle timeout feature in Apex exactly works?
I built several applications in a workspace and do a sso authorization by setting a common cookie name. In addition to that i set the values for session length and idle timeout and assumed that the session length would be synchronized over all applications. But this doesn't seem to work. For instance, i set the idle timeout to 10 minutes in all applications and now i work for 15 minutes continously in application A and after that i switch over to application B (using the same session id!), the session is already expired in B.
Is this behavior correct? And, if yes, how can i set up a synchronization over all applications?
JensAnyone?
-
Session Timeout and Url Redirect in BlazeDS?
We have a JSF2 Webapp and Flex 4 integreated.
Question
1. How can we pass the parameters in web.xml to make FLEX4 redirect to login page when the session timeouts instead of giving a AMF Communication Error?
Thanks,
User.hi, i am also struggling with the same problem, have you got any solution
-
Session timeout and session.invalidate() -- are they the same?
I was just wondering when a session timeout occurs (either by setting the session-timeout in web.xml or the server's default timeout), is the session automatically invalidated? Or should we call setMaxInactiveInterval() instead? Or is calling session.invalidate() the only way to invalidate a session?
Hello all,
Both are same in terms of functionality, but if you use both of them like
1: You specified the tag sessionTimeout and
2: in your program the session.maxInactiveIntervalTime( value ) here if the value is(we gave it in terms of seconds like for 40 minutes we give 2400) then the program code will override the value previously set in web.xml
Thanks
Prabhakar -
BC4J/UIX: How to implement session timeout and logout?
Hi,
I need to implement logout function in my UIX application. We use JAZN basic authentication. So several things need to be done when user clicks 'logout'
1. Any pending transaction is rolled-back.
2. App Module - what to do with it?
3. Browser closes or redirects to other page. Any attempts to go BACK will show either 'session expired' or will redirect to login page.
Also I need a mechanism where if user is idle for say, 10 minutes, that he/she will be automatically logout (maybe after some warning message). How to do this?
Thanks
RadeWell if you search long enough, you will find your own answers. After months of not having this solved, I found the solution, in a piece of sample code from oracle that is distro with the OC4J stuff.
if (request.getRemoteUser() != null) {
// notes that the application is responsible for cleanup
//invalidate the HttpSession
HttpSession session = request.getSession();
session.invalidate();
String url=null;
oracle.security.jazn.oc4j.WebSSOUtil.globalLogout(response,url);
} else out.println("You are not logged in!");
out.println("</BODY>");
out.println("</HTML>");
This is the piece I was looking for, a way to kill off the SSO session. Now when I click logoff, the user is actually logged off the application and their HTTP session is killed off as well.
Kelly -
apex v2.2
Scenario is
Apex users are authenticated using database authentication.
Once authenticated the users may press a column link to a
non apex DAD stored procedure call which then ask for autentication.
sample call is - which executes a report request and pass back a pdf to the browser
http://host:port/<dad>/<package.procedure>?param1=1
Within the apex security model can I somehow bypass the user/pw challenge as the user signed in has permission to execute the call and a public user shouldn't have access
This is the appex DAD
<Location /pls/apex>
SetHandler pls_handler
Order deny,allow
Allow from all
AllowOverride None
PlsqlDatabaseUsername APEX_PUBLIC_USER
PlsqlDatabasePassword xxxxxxxx
PlsqlDatabaseConnectString train:1521:training SIDformat
PlsqlDefaultPage apex
PlsqlDocumentTablename wwv_flow_file_objects$
PlsqlDocumentPath docs
PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
PlsqlAuthenticationMode Basic
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
</Location>
Any ideas ?
Thanks
PeteStill no joy!
Currently there's a region with some items and a button
when submitting the button GO, page process GO executes:
htp.init;
apex_application.g_page_text_generated := true;
owa_util.mime_header ('application/x-sql',false);
htp.p('Content-Disposition: attachment; filename=xxxxxxxxxxxx');
owa_util.mime_header('application/pdf', false);
owa_util.http_header_close;
htp.p('Content-Disposition: attachment; filename=test.pdf');
<package>.download_doc(517); -- see below
"some processing takes place" but the document is not being displayed
I've tried the different mime_header and Content-Disposition setttings
Do I need to redirect the content sent from the server somewhere else?
Calling the procedure via mod pl/sql works
Thanks for your reply.
Pete
===
procedure download_doc(p_file_id upload_reports.ur_id%type
,p_mime_type varchar2 default 'application/pdf')
as
l_lob upload_reports.report_blob%type;
l_mime varchar2(30);
begin
select f.report_blob
into l_lob
from upload_reports f
where f.ur_id = p_file_id;
owa_util.mime_header('application/pdf', false);
owa_util.http_header_close;
wpg_docload.download_file(l_lob);
end; -
Portal Session Timeout and Logon Ticket Timeout
Hi All,
Can anyone give me answers to the following:
- If my Portal session times out, but my logon ticket is still valid, will I lose my session data?
- Is there any way of determining the size of a users session information in memory (or the size of all user sessions in memory). I can see in the Monitoring service in Visual Admin the number of sessions but not their individual or total size.
I'm using EP7.
Cheers,
SteveHi,
the Logon Ticket is only used for SSO between the portal and the integrated system. Your session data is stored in the session. If the session times out or gets closed, the session data is lost.
br,
Tobias -
Session Timeout Setting in Business Intelligence Platform 4
Greetings. We are using Business Intelligence Platform 4 SP 2.5. We use LDAP authentication for logging in to the CMC, BI Launchpad, and Lifecycle Management console. Our sessions expire after 10 minutes (of either activity or inactivity). I haven't been able to find the setting that controls the timeout. Does anyone know?
Thank you in advance,
DaveHi Dave,
TO make the change for the timeout we need to navigate to following location:
1. Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF
2. Open the web.xml. Search for the "session-timeout" and change the value to as per your requirement.
3. This change would take effect on both CMC and BI LaunchPad.
4. Restart the Tomcat.
At <INSTALLDIR>\Tomcat6\conf\web.xml change 30 to 60:
<session-config>
<session-timeout>60</session-timeout>
</session-config>
Regards,
Sonia -
ADF Faces : session timeout best practice
hi
I made these small modifications to the web.xml file in the SRDemoSample application:
(a) I changed the login-config from this ...
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>infrastructure/SRLogin.jspx</form-login-page>
<form-error-page>infrastructure/SRLogin.jspx</form-error-page>
</form-login-config>
</login-config>... to this
<login-config>
<auth-method>BASIC</auth-method>
</login-config>(b) I changed the session-timeout to 1 minute.
<session-config>
<session-timeout>1</session-timeout>
</session-config>Please consider this scenario:
(1) Run the UserInterface project of the SRDemoSample application in JDeveloper.
(2) Authenticate using "sking" and password "welcome".
(3) Click on the "My Service Requests" tab.
(4) Click on a "Request Id" like "111". You should see a detail page titled "Service Request Information for SR # 111" that shows detail data on the service request.
(5) Wait for at least one minute for the session to timeout.
(6) Click on the "My Service Requests" tab again. I see the same detail page as in (4), now titled "Service Request Information for SR #" and not showing any detail data.
question
What is the best practice to detect such session timeouts and handle them in a user friendly way in an ADF Faces application?
thanks
Jan VerveckenHi,
no. Here's the content copied from a word doc:
A frequent question on the JDeveloper OTN forum, and also one that has been asked by customers directly, is how to detect and graceful handle user session expiry due to user inactivity.
The problem of user inactivity is that there is no way in JavaEE for the server to call the client when the session has expired. Though you could use JavaScript on the client display to count
down the session timeout, eventually showing an alert or redirecting the browser, this goes with a lot of overhead. The main concern raised against unhandled session invalidation due to user
inactivity is that the next user request leads to unpredictable results and errors messages. Because all information stored in the user session get lost upon session expiry, you can't recover the
session and need to start over again. The solution to this problem is a servlet filter that works on top of the Faces servlet. The web.xml file would have the servlet configured as follows
1. <filter>
2. <filter-name>ApplicationSessionExpiryFilter</filter-name>
3. <filter-class>
4. adf.sample.ApplicationSessionExpiryFilter
5. </filter-class>
6. <init-param>
7. <param-name>SessionTimeoutRedirect</param-name>
8. <param-value>SessionHasExpired.jspx</param-value>
9. </init-param>
10. </filter>
This configures the "ApplicationSessionExpiryFilter" servlet with an initialization parameter for the administrator to configure the page that the filter redirects the request to. In this
example, the page is a simple JSP page that only prints a message so the user knows what has happened. Further in the web.xml file, the filter is assigned to the JavaServer Faces
servlet as follows
1. <filter-mapping>
2. <filter-name>ApplicationSessionExpiryFilter</filter-name>
3. <servlet-name>Faces Servlet</servlet-name>
4. </filter-mapping>
The Servlet filter code compares the session Id of the request with the current session Id. This nicely handles the issue of the JavaEE container implicitly creating a new user session for the incoming request.
The only special case to be handled is where the incoming request doesn't have an associated session ID. This is the case for the initial application request.
1. package adf.sample;
2.
3. import java.io.IOException;
4.
5. import javax.servlet.Filter;
6. import javax.servlet.FilterChain;
7. import javax.servlet.FilterConfig;
8. import javax.servlet.ServletException;
9. import javax.servlet.ServletRequest;
10. import javax.servlet.ServletResponse;
11. import javax.servlet.http.HttpServletRequest;
12. import javax.servlet.http.HttpServletResponse;
13.
14.
15. public class ApplicationSessionExpiryFilter implements Filter {
16. private FilterConfig _filterConfig = null;
17.
18. public void init(FilterConfig filterConfig) throws ServletException {
19. _filterConfig = filterConfig;
20. }
21.
22. public void destroy() {
23. _filterConfig = null;
24. }
25.
26. public void doFilter(ServletRequest request, ServletResponse response,
27. FilterChain chain) throws IOException, ServletException {
28.
29.
30. String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
31. String currentWebSession = ((HttpServletRequest)request).getSession().getId();
32.
33. boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
34.
35. // if the requested session is null then this is the first application
36. // request and "false" is acceptable
37.
38. if (!sessionOk && requestedSession != null){
39. // the session has expired or renewed. Redirect request
40. ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
41. }
42. else{
43. chain.doFilter(request, response);
44. }
45. }
46.
47. }
This servlet filter works pretty well, except for sessions that are expired because of active session invalidation e.g. when nuking the session to log out of container managed authentication. In this case my
recommendation is to extend line 39 to also include a check if security is required. This can be through another initialization parameter that holds the name of a page that the request is redirected to upon logout.
In this case you don't redirect the request to the error page but continue with a newly created session.
Ps.: For testing and development, set the following parameter in web.xml to 1 so you don't have to wait 35 minutes
1. <session-config>
2. <session-timeout>1</session-timeout>
3. </session-config> Frank
Edited by: Frank Nimphius on Jun 9, 2011 8:19 AM -
Does anybody in this forum have problem with the netlet session timeout?
We use Netlet to run Citrix applications behind the portal. The Netlet session gets killed at any moment in the range of 6 hours to 40 hours in the production environment. We use portal6.0 with NetletKeepAlive patch installed. Session timeout and idle timeout are set to 48 hours, keep alive interval in Netlet is 1 minute.
For the user to access the portal (and application thereafter), he has to go through proxy server at his end, and firewall at server side.
Without proxy and firewall in our test environment , the Netlet session stays much longer and is more predictable. Could the proxy server and firewall complicate the session? Thanks.Pl post details of OS and EBS versions.
These docs may also help
How To Fix The Forms Timeout Issue In Oracle Applications 11i (Doc ID 269884.1)
How to Control iStore Session Timeout (Doc ID 377436.1)
HTH
Srini -
Portal Session Timeout Setting
There is a JServ session and a portal session. I know how to control session timeout and session clean up frequency in JServ - that's in zone.properties. But, I dont know how to set timeout for portal session, i.e., I'd like to have the user be forced to login again when he has been idle for 15 mins - and only if he has been idle. Jserv session settings are not sufficient for this because Portal has it's own session that must time out.
How to set this timeout value (I'm using my own provider which has a timeout setting in zone.properties and includes a bunch of JSP portlets)? Also, is there a clean up thread for which the frequency has to be set?I've contacted metalink weeks ago, and this is NOW, a know bug...
Incredible... Oracle just DO NOT TEST their products... Even a simple SESSION timeout do not work. Also, if I click back after "I log In and Log out" ... Session still up without have to login again!
BUG 2442268
Maybe you are looking for
-
I just migrate settings and software, include CC, from my PowerBook to a new Mac Pro. All the software download from CC is there and working, except for CC, and there is not way to install. I have try because every time I restar keep bothering asking
-
How do I install LR on second computer without disk or serial number
I need to install LR onto a new computer. I cannot find the LR 3 dish but I do have the Adobe order number for my purchase of LR3, but I do not have a serial no. or codes for installing LR 3. I do have the LR 5 upgrade disk. I have tried to chat
-
Any way to convert a PrintRequestAttributeSet to a PageFormat?
I have a "PrinterHelper" that pops up dialogs and tries it's best to make printing easy among many different types of windows. The problem I'm having is that I have a Print Preview dialog, which I need a PageFormat so that I can render the "preview"
-
Ok, I have a wireless router working fine in my house in fact i'm using it right now with my old 12" G4 power book to send this message, but i have recently bought a mac pro and totally forgot to put an airport card in it when configuring it. (oops)
-
For using the Orinda classes and methods I need an OracleConnection. For example: http://www.orindasoft.com/public/JDeveloper%20Addintwo.php4 row 92: // Create a connection93 theConnection = (OracleConnection DriverManager.getConnection( "jdbc:oracle