Session timeout in OBIEE11g brings Oracle annoyances to new level.

Similar Messages

• Inccreasing the timeout  parameter for the Oracle R12 session

  Hi ,
  We have set profile ICX:SESSION TIME OUT to be 45. But it seems the session times out very quickly. How can this time out be increased ?
  WE are on R12.0.4.
  Best regards,
  brinda

  Hi brinda;
  Please check below and see its helpful for your issue,this topic discussed beforei belive you will get some answer(maybe more) in them
  EBS connection time out
  Re: ICX : Session Timeout
  Forms session timeout
  [Link1|http://www.solutionbeacon.com/best7.htm]
  Regard
  Helios

• Session timeout and Custon login module

  Hi,
  Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
  I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
  If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
  How can I make the system not attempt to login the anonymous user and have the filter code run?
  TIA, Dave
  package isdbs.view.security;
  import java.io.IOException;
  import javax.servlet.Filter;
  import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.ServletException;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  public class ApplicationSessionExpiryFilter implements Filter {
      private FilterConfig _filterConfig = null;
      public void init(FilterConfig filterConfig) throws ServletException {
          _filterConfig = filterConfig;
      public void destroy() {
          _filterConfig = null;
      public void doFilter(ServletRequest request, ServletResponse response,
                           FilterChain chain) throws IOException, ServletException {
          String requestedSession =   ((HttpServletRequest)request).getRequestedSessionId();
          String currentWebSession =  ((HttpServletRequest)request).getSession().getId();
          boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
          // if the requested session is null then this is the first application
          // request and "false" is acceptable
          if (!sessionOk && requestedSession != null){
              // the session has expired or renewed. Redirect request
              ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
          else{
              chain.doFilter(request, response);
  }Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
  WARNING: Login Failure: all modules ignored
  javax.security.auth.login.LoginException: Login Failure: all modules ignored
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
       at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
       at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
       at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
       at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
       at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
       at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
       at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
       at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
       at java.lang.Thread.run(Thread.java:595)
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
  FINE: JAAS-OC4J: Authentication failure for user: null
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous

  I added an HttpSessionListener upon login here's what I get:
  09/03/31 08:21:25 Inside sessionCreated
  09/03/31 08:21:25 Before New session createb = 0
  09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:21:25 After New session count = 1
  At session timeout here's what I get:
  09/03/31 08:23:27 Count before destroyed = 1
  09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 Count after destroyed = 0
  09/03/31 08:23:27 Inside sessionCreated
  09/03/31 08:23:27 Before New session createb = 0
  09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 After New session count = 1
  Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
  Thanks,
  Dave

• Session Timeouts and SmbServer

  Hi,
  When having iFS mapped to a network drive (via SMB), the SMB server
  is unable to recover from a timeout of the LibrarySession. The network
  drive then seems to be empty and doing a refresh within explorer
  doesn't help either. The only thing that helps, is remapping the
  network drive.
  Within Node.log of iFS I see this stacktrace.
  7/10/02 9:02 AM SmbServer: oracle.ifs.common.IfsException
  oracle.ifs.common.IfsException: IFS-21000: Session is not connected or has timed-out
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at oracle.ifs.common.IfsException.<init>(Compiled Code)
  at oracle.ifs.common.IfsException.<init>(Compiled Code)
  at oracle.ifs.common.IfsException.<init>(Compiled Code)
  at oracle.ifs.beans.LibraryObject.verifyConnected(Compiled Code)
  at oracle.ifs.beans.Folder.findPublicObjectByPath(Compiled Code)
  at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
  at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
  at oracle.ifs.protocols.smb.server.DbTree$DbQuery.<init>(Compiled Code)
  at oracle.ifs.protocols.smb.server.DbTree.getQuery(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComTrans.trans2FindFirst(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComTrans.replyTransaction2(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComTrans.process(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComSmb.handleSmbMessage(Compiled Code)
  at oracle.ifs.protocols.smb.server.SmbThread.handleNbMessage(Compiled Code)
  at oracle.ifs.protocols.smb.server.SmbThread.readPackets(Compiled Code)
  at oracle.ifs.protocols.smb.server.SmbThread.run(Compiled Code)
  This behavior actually causes us big problems when editing files via MS Office.
  Fortunately Office is able to still save it's data using some generated filename.
  (At least until now I could not create any data loss)
  But then you have to close it, remap then network drive, rename the file and then
  reopen the file. This is big trouble to users, which are not familiar with mapping
  network drives and renaming files with extensions.
  Is there a way to make the SmbServer keep the LibrarySession alive, as long as
  the network drive is mapped ?
  Regards,
  Jens Lorenz

  Workflow #2:
  Login to my account
  Click view all email
  Open Drafts Folder
  Open draft email response
  Select "Send" to send email (total in session time of 30 seconds)
  On screen reload, where I would expect to see some sort of indication that my email was successfully sent, instead the system throws session time out message and kicks me out.
  I have no idea if my email was successfully sent or not.
  Workflow #3:
  Login to my account
  Click view all email
  Attempted to open the first new email in my inbox (total time in session <15 seconds)
  System throws session timeout error and kicks me out to the main login.
  There is obviously something going on with your session holding code. The session variable is not being passed correctly or something but it's very, very frustrating to spend 30-45 minutes trying to type out a couple of lines, particularly when you have multiple important activities going on that you need to respond too via email.

• OAM Session timeout

  Hi All,
  I have the following set up configured.
  1)Deployed a web application in a plain(non oim suite related) weblogic domain
  2)Installed OHS,OAM,OIM and OUD
  3)Configured OHS,OAM,OIM and OUD for SSO in OAM with the external URL from the independent weblogic domain
  4)Independent Weblogic domain is configured with OAMIdentityAsserter and OUD Authentication provider
  My query is as below.
  I have the session time out value configured as 600(seconds) in weblogic.xml of the web application.
  Now when the access the web application through OHS SSO URL, the session is not waiting for 600 seconds to timeout,but getting invalidated in around 30 seconds.
  How to resolve this issue.
  Please advice.
  I have the following configured in OHS proxy.
  <Location /bc>
  SetHandler weblogic-handler
  WebLogicHost ZZZZZZ.oracle.com
  WebLogicPort 9001
  </Location>
  firebug show the following URL getting hit just after the session invalidation http://ZZZZZ.com/oam/server/obrareq.cgi?encquery%3DHBGRZNUhr5Ucxs
  and the following error gets logged in oam server
  "Session invalid as returned by CHECK_VALID_SESSION_RESPONSE responseEvent fail>"
  Kindly suggest.
  Thanks,
  Praveen

  Verify whats session timeout value present in below config:
  http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/session.htm#AIAAG354
  To edit the OAM common session settings:
  Log in to Oracle Access Manager.
  Click System Configuration.
  From the Common Configuration panel, double-click Common Settings.
  In the Session area:
  In Session Lifetime, increase the current value.
  In IdleTimeout (minutes), increase the current value.
  Click Apply.
  ~J

• Session Timeout directly taking to login page

  Hi,
  In our application when session time out happens, it is directly taking to login page, instead of showing the time out error message . We have a CustomExceptionHandler defined in our application. When I debugged, I identified that the following error message
  <StateManagerImpl><restoreView> Could not find saved view state for token -ppfn0o4n8 (*ADF_FACES-30107)*
  comes when user clicks login the second time.
  We want to know how to get the error message first before it goes to the login page? Any configuration we are missing?
  Here is our applications web.xml
  <?xml version = '1.0' encoding = 'UTF-8'?>
  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <description>Empty web.xml file for Web Application</description>
  <context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
  </context-param>
  <context-param>
  <param-name>jndiContext</param-name>
  <param-value>inv</param-value>
  </context-param>
  <context-param>
  <param-name>UserEnvironmentName</param-name>
  <param-value>UserEnvironment</param-value>
  </context-param>
  <context-param>
  <param-name>CacheConfigureFile</param-name>
  <param-value>inv-cache.xml</param-value>
  </context-param>
  <context-param>
  <param-name>SecurityRepositoryClass</param-name>
  <param-value>oracle.communications.inventory.api.framework.security.impl.SecurityRepositoryImpl</param-value>
  </context-param>
  <context-param>
  <description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
  <param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
  <param-value>false</param-value>
  </context-param>
  <context-param>
  <param-name>oracle.adfinternal.view.rich.libraryPartitioning.ENABLED</param-name>
  <param-value>true</param-value>
  </context-param>
  <context-param>
  <param-name>ilog.views.faces.CONTROLLER_PATH</param-name>
  <param-value>/_contr</param-value>
  </context-param>
  <context-param>
  <param-name>ilog.views.faces.CONTENT_LENGTH_ENABLED</param-name>
  <param-value>true</param-value>
  </context-param>
  <context-param>
  <description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
  <param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
  <param-value>false</param-value>
  </context-param>
  <context-param>
  <param-name>APPLICATION_NAME</param-name>
  <param-value>Unified Inventory Management</param-value>
  </context-param>
  <context-param>
  <param-name>COPYRIGHT_FROM_YEAR</param-name>
  <param-value>2007</param-value>
  </context-param>
  <context-param>
  <param-name>COPYRIGHT_TO_YEAR</param-name>
  <param-value>2011</param-value>
  </context-param>
  <context-param>
  <!-- Maximum memory per request (in bytes) -->
  <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_MEMORY</param-name>
  <!-- Use 500K -->
  <param-value>512000</param-value>
  </context-param>
  <context-param>
  <!-- Maximum disk space per request (in bytes) -->
  <param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE</param-name>
  <!-- Use 100M -->
  <param-value>104857600</param-value>
  </context-param>
  <filter>
  <filter-name>trinidad</filter-name>
  <filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>trinidad</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <listener>
  <listener-class>oracle.communications.inventory.api.framework.listener.ContextListener</listener-class>
  </listener>
  <listener>
  <listener-class>oracle.communications.inventory.ui.framework.IlogContextListener</listener-class>
  </listener>
  <!-- Cartridge Installer servlet for post re-deploy -->
  <listener>
  <listener-class>
  oracle.communications.inventory.cartridge.deploy.CartridgeInstallerServletContextListener
  </listener-class>
  </listener>
  <persistence-context-ref>
  <persistence-context-ref-name>persistence/EntityManager</persistence-context-ref-name>
  <persistence-unit-name>default</persistence-unit-name>
  </persistence-context-ref>
  <listener>
  <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
  </listener>
  <listener>
  <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
  </listener>
  <servlet>
  <servlet-name>BIGRAPHSERVLET</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>BIGAUGESERVLET</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>MapProxyServlet</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>GatewayServlet</servlet-name>
  <servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>media</servlet-name>
  <servlet-class>oracle.communications.inventory.ui.media.servlet.MediaServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>BIGRAPHSERVLET</servlet-name>
  <url-pattern>/servlet/GraphServlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>BIGAUGESERVLET</servlet-name>
  <url-pattern>/servlet/GaugeServlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>MapProxyServlet</servlet-name>
  <url-pattern>/mapproxy/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/bi/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>GatewayServlet</servlet-name>
  <url-pattern>/flashbridge/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>media</servlet-name>
  <url-pattern>/media_image</url-pattern>
  </servlet-mapping>
  <resource-ref>
  <res-ref-name>wm/ruleWorkManager</res-ref-name>
  <res-type>commonj.work.WorkManager</res-type>
  <res-auth>Container</res-auth>
  <res-sharing-scope>Unshareable</res-sharing-scope>
  </resource-ref>
  <filter>
  <filter-name>JpsFilter</filter-name>
  <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
  <init-param>
  <param-name>enable.anonymous</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>remove.anonymous.role</param-name>
  <param-value>false</param-value>
  </init-param>
  <init-param>
  <param-name>addAllRoles</param-name>
  <param-value>true</param-value>
  </init-param>
  <init-param>
  <param-name>jaas.mode</param-name>
  <param-value>doasprivileged</param-value>
  </init-param>
  </filter>
  <filter>
  <filter-name>ADFLibraryFilter</filter-name>
  <filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
  </filter>
  <filter>
  <filter-name>adfBindings</filter-name>
  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>JpsFilter</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>
  <filter-mapping>
  <filter-name>ADFLibraryFilter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>adfBindings</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adflibResources</servlet-name>
  <servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>adfAuthentication</servlet-name>
  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
  <init-param>
  <param-name>success_url</param-name>
  <param-value>/faces/InventoryUIShell</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>Controller</servlet-name>
  <servlet-class>ilog.views.faces.IlvFacesController</servlet-class>
  <load-on-startup>3</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/afr/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adflibResources</servlet-name>
  <url-pattern>/adflib/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>adfAuthentication</servlet-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>Controller</servlet-name>
  <url-pattern>/_contr/*</url-pattern>
  </servlet-mapping>
  <session-config>
  <session-timeout>35</session-timeout>
  </session-config>
  <mime-mapping>
  <extension>html</extension>
  <mime-type>text/html</mime-type>
  </mime-mapping>
  <mime-mapping>
  <extension>txt</extension>
  <mime-type>text/plain</mime-type>
  </mime-mapping>
  <jsp-config>
  <jsp-property-group>
  <url-pattern>*.jsff</url-pattern>
  <is-xml>true</is-xml>
  </jsp-property-group>
  </jsp-config>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>allPages</web-resource-name>
  <url-pattern>/</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Unsecured resources</web-resource-name>
  <url-pattern>/images/</url-pattern>
  <url-pattern>*.png</url-pattern>
  <url-pattern>*.gif</url-pattern>
  <url-pattern>*.jpg</url-pattern>
  <url-pattern>*.jpeg</url-pattern>
  <url-pattern>*.bmp</url-pattern>
  <url-pattern>*.css</url-pattern>
  <url-pattern>*.js</url-pattern>
  <url-pattern>/css/*</url-pattern>
  <url-pattern>/afr/blank.html</url-pattern>
  </web-resource-collection>
  </security-constraint>
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>adfAuthentication</web-resource-name>
  <url-pattern>/adfAuthentication</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>valid-users</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
  <form-login-page>/faces/login.jspx</form-login-page>
  <form-error-page>/faces/error.jspx</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <role-name>valid-users</role-name>
  </security-role>
  <welcome-file-list>
  <welcome-file>/faces/InventoryUIShell</welcome-file>
  </welcome-file-list>
  </web-app>

  hi
  this can be done using a simple "Servlet Filters" which will check whether the user session is valid or not. so for every connect to the server the filter runs and redirects to the login page if the session has expired. here you can configure your filter to be activated for every URL or a patterns of urls.
  u need servlet2.3 supported server for this.
  hope this helps
  shrini
  I have an business j2ee application run on oc4j. When the session timeout declared on the web.xml expire, i want to redirect automaticaly the user to my login.jsp to force him to reconnect. I try j_security_chek, but i want to restart the business application at the top and not to the page which are request. Somebody know who i can do this mechanism. I try too special tag in jsp, this run very good but i have to repeate this call on every page. I look for an other simply mechanism to that
  Thanks

• In APEX clicking the hyper link doesn't trigger session timeout page

  Hi All,
  I have a question about the session time out in APEX application. I have created a simple APEX application. In the SQL report region section, i have code like this:
  SELECT DOC_Name, DOC_URL,
  '<a href="' || DOC_URL || ' target="_blank"/">Download file</a>' pdf_link
  FROM test_table
  where emp_number =00010001
  When user clicks on the hyper link, it will display the destination page to user(for example if DOC_URL = 'http://forums.oracle.com', it will display the oracle forum page in a new browser).
  But the issue is that, after user's session timeout (I set for 240 seconds through Shared Components>Edit Security Attributes, i set max the session timeout for example 240 seconds), when i click on this hyperlink, it doesn't trigger my session timeout page and it still displays the page (oracle forum page).
  Why in APEX clicking the hyper link doesn't trigger session timeout page after the user session timeout???
  how to implememt or fix to trigger the session timeout page after clicking on the hyperlinks?
  (BTW, our APEX version is 3.2)
  Thanks!

  Hi Lily,
  the reason for that behavior is that APEX is not involved anymore if you click on an external link. That's completely handled by your browser.
  To involve APEX timeout handling you could redirect to a specific page in your application which performs the final redirect.
  For example:
  1) Create a new page 999
  2) Create hidden page item P999_URL
  3) Create a before header PL/SQL process with the following source
  owa_util.redirect_url('http://'||:P999_URL);
  apex_application.g_unrecoverable_error := TRUE;If you want to embed a link, create a link to page 999 and set the page item P999_URL to forums.oracle.com
  You could also add a white list into the above code to verify that you are just redirecting to valid URLs, so that nobody is using your trusted application URL for phishing attacks.
  Hope that gives you a direction
  Patrick
  Regards
  Patrick
  My Blog: http://www.inside-oracle-apex.com
  APEX 4.0 Plug-Ins: http://apex.oracle.com/plugins
  Twitter: http://www.twitter.com/patrickwolf

• Apex Version 4.2: Why doesn't the session timeout parameter settings work?

  Prior to an upgrade to Apex Version 4.2.0.00.27, we ran Apex Version 4.1 in our environment. This is on a platform using Oracle Database Enterprise Edition 11g R2 on Windows Server 2008. The session timeout parameters (set for a single application using "Shared Components" -> "Security Attributes") were set to the following:
  Maximum Session Time: 1 day
  Maximum Session Idle Time: 8 hours
  This worked with no problems in Apex 4.1; our user would leave a data entry form open for several hours, complete the data entry then submit the page. Now, with the upgrade to Apex 4.2, doing the same thing causes the system to redirect to the login page and aborting any edits or new data entered into the form previously.
  I have tried to set both session parameters to ZERO (0) which is what the documentation explains is the equivallent to "no timeout" but that didn't work as well.
  I have reset the session control parameters to what they were before the upgrade and my session times out before the time values I set. (on the version 4.2 upgraded instance).
  Why was the session timeout parameters I set ignored by the system? Can anyone else out there confirm/repeat the problem I observed?

  Hi Richard,
  You probable have it ok, but the time should be in seconds.
  Kees

• Netlet Session timeout

  Does anybody in this forum have problem with the netlet session timeout?
  We use Netlet to run Citrix applications behind the portal. The Netlet session gets killed at any moment in the range of 6 hours to 40 hours in the production environment. We use portal6.0 with NetletKeepAlive patch installed. Session timeout and idle timeout are set to 48 hours, keep alive interval in Netlet is 1 minute.
  For the user to access the portal (and application thereafter), he has to go through proxy server at his end, and firewall at server side.
  Without proxy and firewall in our test environment , the Netlet session stays much longer and is more predictable. Could the proxy server and firewall complicate the session? Thanks.

  Pl post details of OS and EBS versions.
  These docs may also help
  How To Fix The Forms Timeout Issue In Oracle Applications 11i          (Doc ID 269884.1)
  How to Control iStore Session Timeout          (Doc ID 377436.1)
  HTH
  Srini

• JSF 1.2 Session Timeout Issue

  I am using using:
  JSF- Sun RI (1.2)
  Websphere (6.1)
  Facelets (1.?)
  RichFaces (3.3.2)
  I am having an issue with session timeouts that shows up in two different ways:
  Scenario 1) the client makes an ajax call after the session has timed out
  Scenario 2) the client makes a standard request after the session has timed out - navigating to a new page
  I seem to be able to address one or the other, but I can't seem to find a solution that fixes both scenarios.
  For Scenario 1, I have the client-side A4J.AJAX.onExpired function defined and that is currently working for session timeouts that are discovered via an ajax request.
  However, if I start making changes to try and address the other scenario, it seems to break the A4J javascript function.
  For Scenario 2, I have tried a number of suggestions that I've found online:
  1) I've tried to configure the error page in web.xml:
  <error-page>
       <exception-type>javax.faces.application.ViewExpiredException</exception-type>
       <location>/timeout.jsf</location>
  </error-page>
  However, anything I seem to try around this solution still winds up with a ViewExpiredException. I've tried to have timeout.jsf redirect to the login page and I get a ViewExpiredException on the login page when the redirect happens. I've tried to just render a timeout page with a link the user can click on to go to the login page and that fails as well.
  2) I've tried the phase listener and had little success too.
  3) I tried a NavigationHandler
  One thing I did have working, I believe, was with the phase listener approach, but I had a difficult time displaying a session timed out message upon redirect, but not the first time the user visited the page.
  I'm relatively new to JSF and probably don't understand the app life cycle well enough, I guess, but is there a solution that addresses all of these issues:
  1) works for AJAX calls
  2) works for actual navigation
  3) sends the user back to the login page with some indication as to "why", but gracefully handles the first visit to the login page (or a logout)
  Thanks for any suggestions you can offer.

  Sorry, but I have to disagree. Loading JavaScript at the beginning of your page would only make the page load slower (and "ruin" the user's experience when they see the page being loaded steadily) and also cause unforeseen issues than to leave it at the bottom of your page.
  Big companies like Google (1999), Yahoo (2000), Oracle (2001) and many others are doing the opposite to what you have said. Look at the way they load their JavaScripts and you'll see.
  It's also good practice to zip your content from the server before sending it to the client's web browser to increase performance. Of course, this will depend on whether your web browser supports methods such as gzip, deflate, etc... and whether you use HTTP or HTTPS.
  Lastly, another bad practice I often see Java programmers do is write the following all over the places:
  setString, setInt, setDouble, etcInstead of using an existing feature of Java to do the same in one procedure, as in:
  public static void setParameters(PreparedStatement preparedStatement, Object... values)
     throws SQLException
     for (int i = 0; i < values.length; i++) {
        preparedStatement.setObject(i + 1, values);
  Then just call *setParameters* whenever you need it instead of writing multiple setString, setInt, etc statements everywhere...                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Setting session timeout in OracleWeblogic Server

  Hi All,
  I have doubt in setting session time out in Oracle WLS server 12c. Please suggest,
  There are two ways as i know editing the below files.
  1) weblogic.xml
  2) web.xml
  But when I open the weblogic.xml it has the below code, if we edit the value in
  <timeout-secs>3600</timeout-secs>
  the value implied for the admin console only as i know, the admin console will ask the user to re-login if the session is idle for morethan 6 mins.
  But If there is an application deployed like a bank.war file and customer is accessing the application. I want to set the user session time out to 2 mins i.e 120 seconds. How to set this in the server level ?
  Oracle Webogic server level ?
  <session-descriptor>
      <timeout-secs>3600</timeout-secs>
      <invalidation-interval-secs>60</invalidation-interval-secs>
      <cookie-name>ADMINCONSOLESESSION</cookie-name>
      <cookie-max-age-secs>-1</cookie-max-age-secs>
      <url-rewriting-enabled>false</url-rewriting-enabled>
  </session-descriptor>
  In the default web,xml  there is no param called timeout..
  Thanks
  Venkat

  Hello Venkat,
  I have implemented the same in my Application(OBIEE).Check it may helpful for you.
  Sasi Nagireddy: HOW TO CONFIGURE SESSION TIMEOUT IN OBIEE-11G..
  Thanks,
  Sasi Nagireddy..

• Solution Manager 7.1 SP4: Session Timeout during SOLMAN_SETUP

  Hello Experts,
  We recently installed Solution Manager 7.1 SP4 on Linux/Oracle. We also completed the System Preparation and Basic Configuration part of the SOLMAN_SETUP wizard as well (which includes applying the Central Correction Note and other steps).
  During the Managed System Setup Part, as soon as we click on the Configure System for a managed system - a new window opens up and immediately we get the below timeout messages:
  This session will terminate due to inactivity in 0:00 minutes
  To continue working in this session, choose 'Continue Session'
  The above is immediately followed by the actual session timeout message:
  This session terminated due to inactivity.
  Click Close Popup
  or to start new session, press F5.
  Now even if we press F5/Refresh, the same cycle repeats.
  I already checked the ICM timeout parameters as mentioned in the Guide and further findings with regards to ITS update as in thread WEBGUI Timeout immediately after logging in
  Applying the latest kernel patch also did not help. The strange issue is that the session timeout occurs only the LMDB related services, wherease normal services like WEBGUI etc work fine.
  Please suggest if anyone came across this issue, especially after update to SP04.
  Thanks and Regards,
  Srikishan

  Hi,
  Thanks, I will check the note steps and close this thread accordingly.
  Perhaps I need to hone my notes searching skills !
  Regards,
  Srikishan

• Portal session Timeout

  Hi,
  I want to increase the portal session timeout to 2hrs. We have 2 Portal server which are load balanced. The configuration is as below:
  Portal Version: 10.3.0.337003
  .NET Version: 2.0
  OS: Win 2003 Server
  Database : Oracle 11g
  IIS:6.0
  On both the server I have edited the session time out parameter corresponding to the file as mentioned below:
  Portalconfig.xml :
  <setting name="BrowserLoginTokenExpiration">
  <value xsi:type="xsd:integer">120</value>
  </setting>
  BEA Web.config
  <sessionState cookieless="false" timeout="120" />
  .NET Web.Config
  <sessionState timeout="120" />
  But still the we are not able to achive 2 hrs of session timeout. Do we have to make entry in .NET machine.config? Please let me know if thier is any other file where changes is required?
  Also in lower environment, we have our portal installed on .NET 2.0 framework ( only one instance of portal server ), we are able to achive 2Hrs of session time out by modifying the state management session time out value ( default website-> properties->asp.net tab->edit configuration->state management tab)
  Please help me!!
  Edited by: Oracle WCI on Oct 10, 2011 1:43 PM

  As per the documents share by oracle support..only place in WCI 10gr3 (10.3.0.1) and IIS where we set timeout value is State Management tab (default website->portal ->properties->asp.net->edit configuration-state management)..we have this valye set to 2Hrs (120 min) on both the portal server ( load balanced)..but still portal is getting time out after 1 hrs..I am not sure which external factore is limiting this to 1 hrs..
  both portal server are load balanced and IWA is implemented...
  Any light on the external factor line SSO setting, Load balanced ..etc will be higly appriciated..Please help!!

• Portal Session Timeout Setting

  There is a JServ session and a portal session. I know how to control session timeout and session clean up frequency in JServ - that's in zone.properties. But, I dont know how to set timeout for portal session, i.e., I'd like to have the user be forced to login again when he has been idle for 15 mins - and only if he has been idle. Jserv session settings are not sufficient for this because Portal has it's own session that must time out.
  How to set this timeout value (I'm using my own provider which has a timeout setting in zone.properties and includes a bunch of JSP portlets)? Also, is there a clean up thread for which the frequency has to be set?

  I've contacted metalink weeks ago, and this is NOW, a know bug...
  Incredible... Oracle just DO NOT TEST their products... Even a simple SESSION timeout do not work. Also, if I click back after "I log In and Log out" ... Session still up without have to login again!
  BUG 2442268

• Handle Session Timeout

  I am using JDeveloper 11.1.1.6.
  I am trying to gracefully handle session time outs in ADF. My application has been experiencing the 'canned' ADF session timeout popup when I am logged into my application and the session has timed out. That same popup is rendered even if I am sitting at my login page but haven't signed in.
  I have followed Frank Nimphius's guidance as explained in the following forum to have my application re-direct to the login page after session timeout. That works great thanks to his well detailed document.
  ADF Faces : session timeout best practice
  The concern I have now is if I am sitting at my login page and my session times out, the application stays at the login page. I now type my credentials and click log in. Because the application thinks my session is timed out, I am taken back to the login page. Ideally I wouldn't think the login page would hold a session. Do you have any guidance on how I can get around this.

  Hi,
  what about using programmatic login, in which case the login form is part of a public page (see http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html for an example you can download)
  Frank