Session Timeout and Dynamic Actions

Did anybody ever use the Session Timeout feature in APEX successfully?
I have set an idle session timeout and provided an url to redirect to once the session is expired: Home > Application Builder > Application nnn > Shared Components > Edit Security Attributes > Session Timeout
It works so far during the page rendering and page processing phase. But I have major problems with dynamic actions and custom ajax requests.
Dynamic actions will just hang and simply don't return. Even worse, when I execute the dynamic action once the session is expired, the session seems to be physically deleted and thus the next click on a tab will not redirect to the expiration page but go straight to the login page.
Did anybody make it work or is the best way to implement a custom session timeout?
Thanks,
Dietmar.

Hi All,
Check out the Session Timeout plug-in available here:
http://skillbuilders.com/plugins
Let me know if that helps.
Regards,
Dan
blog: http://DanielMcghan.us/
work: http://SkillBuilders.com/APEX/

Similar Messages

What is the difference between Session timeout and Short Session timeout Under Excel Service Application -- session management?

Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?

Any call made from the API will automatically be set to the “Session Timeout” period, no matter
what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
Short Session Timeout and Session Timeout in Excel Services
Short Session Timeout and Session Timeout in Excel Services - Part 2
Sessions and session time-outs in Excel Services
above links are from old version but still applies to all.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

Session timeout and Custon login module

Hi,
Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
How can I make the system not attempt to login the anonymous user and have the filter code run?
TIA, Dave
package isdbs.view.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class ApplicationSessionExpiryFilter implements Filter {
    private FilterConfig _filterConfig = null;
    public void init(FilterConfig filterConfig) throws ServletException {
        _filterConfig = filterConfig;
    public void destroy() {
        _filterConfig = null;
    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        String requestedSession =   ((HttpServletRequest)request).getRequestedSessionId();
        String currentWebSession = ((HttpServletRequest)request).getSession().getId();
        boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
        // if the requested session is null then this is the first application
        // request and "false" is acceptable
        if (!sessionOk && requestedSession != null){
            // the session has expired or renewed. Redirect request
            ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
        else{
            chain.doFilter(request, response);
}Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
WARNING: Login Failure: all modules ignored
javax.security.auth.login.LoginException: Login Failure: all modules ignored
     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
     at java.security.AccessController.doPrivileged(Native Method)
     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
     at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
     at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
     at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
     at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
     at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
     at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
     at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
     at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
     at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
     at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
     at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
     at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
     at java.lang.Thread.run(Thread.java:595)
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
FINE: JAAS-OC4J: Authentication failure for user: null
Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous

I added an HttpSessionListener upon login here's what I get:
09/03/31 08:21:25 Inside sessionCreated
09/03/31 08:21:25 Before New session createb = 0
09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:21:25 After New session count = 1
At session timeout here's what I get:
09/03/31 08:23:27 Count before destroyed = 1
09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 Count after destroyed = 0
09/03/31 08:23:27 Inside sessionCreated
09/03/31 08:23:27 Before New session createb = 0
09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
09/03/31 08:23:27 After New session count = 1
Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
Thanks,
Dave

How can a classic report be filtered using one select item and dynamic action?

APEX 4.2.1
DB 11g
I have a page with 4 reports on it. The top report is an interactive report and the following 3 are classic reports. The users would like to be able to use a select list to filter the 3rd report by PO line number without refreshing the entire page.
After verifying that the report is set to allow partial refreshes, I took the following steps
1. Created a PO Line select item (p_po_line_select) in the same report region
2. Added p_po_line_select to the report query
3. Created a dynamic action on p_po_line_select with 2 true actions
     1. Set value (p_po_line_select)
     2. Refresh report region.
The Set Value dynamic step was not working; I would get an out of memory error at line 2, memory stack error, or the value did not get saved to session state depending on the settings I selected. I was able to get it working with the following set:
1. Action = Set Value
2. Set type = PL/SQL Expression
3. PL/SQL Expression = :p_field_does_not_exist
4.   Page items to submit = blank
5. Selection Type = Item(s)
6. Item(s) = p_field_does_not_exist
p_field_does_not_exist does not exist as a page or application item which leads me to believe that this is a bug and I am just lucky that it worked. I would rather know how to do this properly. Can someone please provide a link to a working example of how this should be done or state which settings are wrong?
I was able to reproduce the issue in the following app
http://apex.oracle.com/pls/apex/f?p=4500:1000
workspace = occam
user test/apex1
Thanks,

STOP POSTING DUPLICATE THREADS.
If you have additional information, continue the discussion by posting it as a follow-up on the original thread: What is the proper way to filter classic report using just an LOV select field with dynamic action?

Session Timeouts and SmbServer

Hi,
When having iFS mapped to a network drive (via SMB), the SMB server
is unable to recover from a timeout of the LibrarySession. The network
drive then seems to be empty and doing a refresh within explorer
doesn't help either. The only thing that helps, is remapping the
network drive.
Within Node.log of iFS I see this stacktrace.
7/10/02 9:02 AM SmbServer: oracle.ifs.common.IfsException
oracle.ifs.common.IfsException: IFS-21000: Session is not connected or has timed-out
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.common.IfsException.<init>(Compiled Code)
at oracle.ifs.beans.LibraryObject.verifyConnected(Compiled Code)
at oracle.ifs.beans.Folder.findPublicObjectByPath(Compiled Code)
at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
at oracle.ifs.protocols.smb.server.DbTree$DbQuery.<init>(Compiled Code)
at oracle.ifs.protocols.smb.server.DbTree.getQuery(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.trans2FindFirst(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.replyTransaction2(Compiled Code)
at oracle.ifs.protocols.smb.server.ComTrans.process(Compiled Code)
at oracle.ifs.protocols.smb.server.ComSmb.handleSmbMessage(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.handleNbMessage(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.readPackets(Compiled Code)
at oracle.ifs.protocols.smb.server.SmbThread.run(Compiled Code)
This behavior actually causes us big problems when editing files via MS Office.
Fortunately Office is able to still save it's data using some generated filename.
(At least until now I could not create any data loss)
But then you have to close it, remap then network drive, rename the file and then
reopen the file. This is big trouble to users, which are not familiar with mapping
network drives and renaming files with extensions.
Is there a way to make the SmbServer keep the LibrarySession alive, as long as
the network drive is mapped ?
Regards,
Jens Lorenz

Workflow #2:
Login to my account
Click view all email
Open Drafts Folder
Open draft email response
Select "Send" to send email (total in session time of 30 seconds)
On screen reload, where I would expect to see some sort of indication that my email was successfully sent, instead the system throws session time out message and kicks me out.
I have no idea if my email was successfully sent or not.
Workflow #3:
Login to my account
Click view all email
Attempted to open the first new email in my inbox (total time in session <15 seconds)
System throws session timeout error and kicks me out to the main login.
There is obviously something going on with your session holding code. The session variable is not being passed correctly or something but it's very, very frustrating to spend 30-45 minutes trying to type out a couple of lines, particularly when you have multiple important activities going on that you need to respond too via email.

Session timeout and custom sso

Hi,
can anyone tell me how the session and idle timeout feature in Apex exactly works?
I built several applications in a workspace and do a sso authorization by setting a common cookie name. In addition to that i set the values for session length and idle timeout and assumed that the session length would be synchronized over all applications. But this doesn't seem to work. For instance, i set the idle timeout to 10 minutes in all applications and now i work for 15 minutes continously in application A and after that i switch over to application B (using the same session id!), the session is already expired in B.
Is this behavior correct? And, if yes, how can i set up a synchronization over all applications?
Jens

Anyone?

Session Timeout and DAD Authentication

My application uses the authentication scheme 'No authentication (using DAD)'. The users log in from an external program and the user IDs are captured in the variable remote_user. My authorization scheme checks that the user ID exists in a database table. All this seems to work fine.
However, I need to implement a session timeout on the application. I've followed the steps described in the "Automatic Session Timeouts" utility in the Application Express Studio but when I tried to modify the authentication scheme by adding:
return auth_pkg.check_timeout;
to the Session Verify Function I got the following errors:
No functional attributes may be set when page sentry function is '-DATABASE-'.
and
Session verification function may not be specified if page sentry function is specified.
I'm new to Apex and I don't know where to go from here. Any advice please?
Thanks
Maria

Maria,
The usual way to do the authentication part is to use a custom page sentry function. Many examples have been posted on the forum based on the ntlm page sentry code. Search for those keywords here (ntml page sentry) and you should find it easily. Then you can modify it by adding the session timeout logic in that function.
Scott

Session Timeout and Url Redirect in BlazeDS?

We have a JSF2 Webapp and Flex 4 integreated.
Question
1. How can we pass the parameters in web.xml to make FLEX4 redirect to login page when the session timeouts instead of giving a AMF Communication Error?
Thanks,
User.

hi, i am also struggling with the same problem, have you got any solution

Session timeout and session.invalidate() -- are they the same?

I was just wondering when a session timeout occurs (either by setting the session-timeout in web.xml or the server's default timeout), is the session automatically invalidated? Or should we call setMaxInactiveInterval() instead? Or is calling session.invalidate() the only way to invalidate a session?

Hello all,
Both are same in terms of functionality, but if you use both of them like
1: You specified the tag sessionTimeout and
2: in your program the session.maxInactiveIntervalTime( value ) here if the value is(we gave it in terms of seconds like for 40 minutes we give 2400) then the program code will override the value previously set in web.xml
Thanks
Prabhakar

IT0009: payment method "cheque" and dynamic actions

Hello,
I need your help on this issue.
I have looking for answers on the different posts but i didn't found any similar problems.
For a customer, i have to settle, in case of departure (leaving) action , the creation in background of an infotype 0009 from infotype 0000 with payment method 'C' - Cheque and the BEGDA equal to the first day of the month. It is a payroll need.
The dynamics action is easy to do but i have an error which makes appears the infotype. Actually, the information City is mandatory in SAP standard (?) in case of payment 'C' - Cheque.
I did the test and when i create infotype 0009, the name of the person, from infotype 0002 i guess, is put in the field but not the adress, city and postal code. If i select payment cheque, an errror alerts me that the city is mandatory for this payment method. If i put something, no problem, but i would like to automate it and retrieve data from IT0006. That is strange is when i delete the payee information (last and first name field) and validate the screen, no more error, even if i select payment cheque. And if i save and go back on the record, data from IT0006 (city, postal code and payee) have been automatically put in the infotype.
I would like to reproduce the same thing by the dynamic action but i can't access these fields because they are not part of the P0009 table but the Q0009 structure and i don't access it through dynamic action
Do you have some experiences to share on this topic ?
Thanks in advance.

hi
To replace a check or to create a check instead of a bank transfer, the system must be able to access the
correct payment method. The standard system contains predefined payment methods. However, you can
also specify your own values.
The standard system contains the following methods of payment:
- C (Check)
- D (Transfer)
- M (Check with manual assignment of check number)
Reward points

Quick Picks and Dynamic Actions not working

I have a page item that includes Quick Pick values. This item also includes a dynamic action to update another item when triggered by a change event. The problem is, quick picks do not trigger change events. Has anyone else seen this and come up with a solution? Thanks.

Hi,
the JavaScript code generated for the Quick Picks is using $s which triggers the change event for the target page item.
I just tried that out and it worked fine for me.
1) I have defined a text field with a few quick pick values.
2) Declared a dynamic action which fires on "Change". No condition set
3) The action is defined as "Alert"
The alert always shows when I pick a value with a quick pick.
Can you put an example on apex.oracle.com so that I can have a look.
Regards
Patrick
My Blog: http://www.inside-oracle-apex.com
APEX 4.0 Plug-Ins: http://apex.oracle.com/plugins
Twitter: http://www.twitter.com/patrickwolf

HR_INFOTYPE_OPERATION and Dynamic Actions

Does HR_INFOTYPE_OPERATION trigger Dynamic Action?
If not, how this needs to be handled?

your best bet would be the person who created the dynamic action.. usually the functional analyst.. you can take a look at the entries in v_t588z via SM30/31.Once you display the entires, an F1 on each field on the screen will tell you what it is for & F4 will give you the possible options..
~Suresh

Buttons and Dynamic Actions

When triggering a dynamic action from a button, I'd like to prevent the page from submitting. Following the advice from earlier threads, I have set the button to redirect to a URL. But since the dynamic action will be performing all the required actions, I'd like the URL invoked by the button to do nothing.
What is the best practice for allowing the button to do no more than initiate the DA?
Thank you
CS
Edit: Alternatively; instead of triggering the DA using an "onclick" event on the button, can I invoke the DA by naming it as the target URL. That would be the preferred solution I think.
Edited by: ChrisS. on Jul 31, 2011 4:50 AM

Thank you very very much Little Foot.
Coincidentally, I just read earlier today an answer from Anthony Rayner to an unrelated question which mentioned this neat solution in passing. After hours of trawling through W3 schools in vain...
CS
Edit: PS Sorry Little foot, I already marked Tobias's answer as correct, so I could only give you a helpful
Edited by: ChrisS. on 06-Sep-2011 05:49 Edit: PS Sorry Little foot, I already marked Tobias's answer as correct, so I could only give you a helpful

BC4J/UIX: How to implement session timeout and logout?

Hi,
I need to implement logout function in my UIX application. We use JAZN basic authentication. So several things need to be done when user clicks 'logout'
1. Any pending transaction is rolled-back.
2. App Module - what to do with it?
3. Browser closes or redirects to other page. Any attempts to go BACK will show either 'session expired' or will redirect to login page.
Also I need a mechanism where if user is idle for say, 10 minutes, that he/she will be automatically logout (maybe after some warning message). How to do this?
Thanks
Rade

Well if you search long enough, you will find your own answers. After months of not having this solved, I found the solution, in a piece of sample code from oracle that is distro with the OC4J stuff.
if (request.getRemoteUser() != null) {
     // notes that the application is responsible for cleanup
     //invalidate the HttpSession
     HttpSession session = request.getSession();
     session.invalidate();
     String url=null;
     oracle.security.jazn.oc4j.WebSSOUtil.globalLogout(response,url);
     } else      out.println("You are not logged in!");
     out.println("</BODY>");
     out.println("</HTML>");
This is the piece I was looking for, a way to kill off the SSO session. Now when I click logoff, the user is actually logged off the application and their HTTP session is killed off as well.
Kelly

Portal Session Timeout and Logon Ticket Timeout

Hi All,
Can anyone give me answers to the following:
- If my Portal session times out, but my logon ticket is still valid, will I lose my session data?
- Is there any way of determining the size of a users session information in memory (or the size of all user sessions in memory). I can see in the Monitoring service in Visual Admin the number of sessions but not their individual or total size.
I'm using EP7.
Cheers,
Steve

Hi,
the Logon Ticket is only used for SSO between the portal and the integrated system. Your session data is stored in the session. If the session times out or gets closed, the session data is lost.
br,
Tobias

Session Timeout and Dynamic Actions

Similar Messages

Maybe you are looking for