Session Timeouts (Weblogic/Code)

Similar Messages

• Session Timeout in weblogic 6.1 SP3-- Urgent

  Hi
  We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
  What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

  What is the heap size ? How many useres are hitting the system ? What is the approx size of the session? Turn on -verbose:gc and monitor the GC activity. Are the sessions really inactive ?
  Make the timeout 30 secs and the InvalidationIntervalSecs to 20 secs and see if it makes a difference.
  If you still have the same results attach the pofiler trace here. A test case would be good too.
  Rakesh Aggarwal wrote:
  We are running a J2EE servlet in Weblogic 6.1 SP3 on Windows NT. The test client to this servlet opens a new Http session on every request.
  The server containing the servlet does not seem to be releasing memory associated with the session. The server eventually runs out of memory due to this. We verified this with a profiler tool. It shows Strings allocated with ServletRequestImpl.getSession() (weblogic.servlet.internal.session.RSID.getID()) not freed. We have set the session invalidation timeout to 1 min using:
  1) session-timeout=1 in web.xml,
  2) TimeoutSecs=60, InvalidationIntervalSecs=60 in weblogic.xml for the web-app containing the servlet.
  We have also tried setting session.setMaxInactiveInterval(60secs) for the servlet. The latter setting does seem to work as verified from a UI client. We are wondering whether weblogic server is not cleaning up the session even after invalidating it.
  We are not saving any reference to the Http session in our servlet. So we would think that the weblogic server should cleanp the inactive session after 1 min according to the above setting.
  Any help regarding this will be sincerely appreciated. Thanks.
  -Rakesh--
  Rajesh Mirchandani
  Developer Relations Engineer
  BEA Support

• I received an itunes store gift certificate. When I try to redeem it, the screen says Session Timeout.  I have entered and reentered the certificate code, but Session Timeout comes up each time.  What am I doing wrong?

  I received an iTunes gift certificate for Christmas.  When I try to redeem it, a window comes up saying "Session Timeout."  I have signed out, signed back in, tried again, and when I enter the code and press Redeem, the "Session Timeout--Your session has timed out.  Try again." message pops up.  What am I doing wrong?

  Clic here:  iTunes: Advanced iTunes Store troubleshooting
  Then click:  Expand All Sections
  Then scroll down to error 5002.

• Session-timeout is happening intermittently for few users in weblogic.

  Hi,
  We have a war file deployed on a cluster. And from the past 3 days, few users are reporting that the session is getting timed out within 30 mins.
  Actually the session timeout is set for 240 mins(4 hrs), this is defined in the web.xml file.
  And the interesting thing is , this is not happening to everyone. Only few users are facing this session timeout in sometime.
  Any suggestions or such experiences!!!

  Hi,
  What is the exact error that the user is seeing in their browser ?
  Does this happen with all browsers ?
  Thanks,
  Sharmela

• Setting session timeout in OracleWeblogic Server

  Hi All,
  I have doubt in setting session time out in Oracle WLS server 12c. Please suggest,
  There are two ways as i know editing the below files.
  1) weblogic.xml
  2) web.xml
  But when I open the weblogic.xml it has the below code, if we edit the value in
  <timeout-secs>3600</timeout-secs>
  the value implied for the admin console only as i know, the admin console will ask the user to re-login if the session is idle for morethan 6 mins.
  But If there is an application deployed like a bank.war file and customer is accessing the application. I want to set the user session time out to 2 mins i.e 120 seconds. How to set this in the server level ?
  Oracle Webogic server level ?
  <session-descriptor>
      <timeout-secs>3600</timeout-secs>
      <invalidation-interval-secs>60</invalidation-interval-secs>
      <cookie-name>ADMINCONSOLESESSION</cookie-name>
      <cookie-max-age-secs>-1</cookie-max-age-secs>
      <url-rewriting-enabled>false</url-rewriting-enabled>
  </session-descriptor>
  In the default web,xml  there is no param called timeout..
  Thanks
  Venkat

  Hello Venkat,
  I have implemented the same in my Application(OBIEE).Check it may helpful for you.
  Sasi Nagireddy: HOW TO CONFIGURE SESSION TIMEOUT IN OBIEE-11G..
  Thanks,
  Sasi Nagireddy..

• Erratic session timeout

  Hi
  We are getting erratic session timeout behaviour in our application. Debugging thru the application shows that occassionally, the session that is supposed to be associated with a particular login user gets swapped for another session that does not have seem to have any associations within the application.
  This is confirmed by printing out the session id when the user logs in and then comparing it with the session id when a timeout error occurs in our app. In our code, the condition when a timeout occurs is when the session is either null or the login id attribute we have previously set in the session is null. A common action in our app ensures that a new session is always created if it has been invalidated. However, in my debug code, I'd check if the session is new and print out different messages accordingly. In cases when we get the erractic timeouts, the debug message always tells me that the session is actually not a new one.
  My question is, where did this spurious session come from?
  Is there an issue with how weblogic handles session association with requests?
  We have tried using different browsers and the problem still occurs. The browsers all accept cookies and URLrewriting has been enabled. We have also tried varying the session timeout in weblogic.xml but this erratic session timeout still occurs before we actually reach the timeout period set. Lastly, there is only one single app running in a non clustered env.
  Any help to shed some light on this issue would be greatly appreciated.
  Cheers

  we are having a similar issue, were you able to resolve the issue?
  Thanks for your help in advance.

• Session Timeouts and SmbServer

  Hi,
  When having iFS mapped to a network drive (via SMB), the SMB server
  is unable to recover from a timeout of the LibrarySession. The network
  drive then seems to be empty and doing a refresh within explorer
  doesn't help either. The only thing that helps, is remapping the
  network drive.
  Within Node.log of iFS I see this stacktrace.
  7/10/02 9:02 AM SmbServer: oracle.ifs.common.IfsException
  oracle.ifs.common.IfsException: IFS-21000: Session is not connected or has timed-out
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at oracle.ifs.common.IfsException.<init>(Compiled Code)
  at oracle.ifs.common.IfsException.<init>(Compiled Code)
  at oracle.ifs.common.IfsException.<init>(Compiled Code)
  at oracle.ifs.beans.LibraryObject.verifyConnected(Compiled Code)
  at oracle.ifs.beans.Folder.findPublicObjectByPath(Compiled Code)
  at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
  at oracle.ifs.beans.FolderPathResolver.findPublicObjectByPath(Compiled Code)
  at oracle.ifs.protocols.smb.server.DbTree$DbQuery.<init>(Compiled Code)
  at oracle.ifs.protocols.smb.server.DbTree.getQuery(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComTrans.trans2FindFirst(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComTrans.replyTransaction2(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComTrans.process(Compiled Code)
  at oracle.ifs.protocols.smb.server.ComSmb.handleSmbMessage(Compiled Code)
  at oracle.ifs.protocols.smb.server.SmbThread.handleNbMessage(Compiled Code)
  at oracle.ifs.protocols.smb.server.SmbThread.readPackets(Compiled Code)
  at oracle.ifs.protocols.smb.server.SmbThread.run(Compiled Code)
  This behavior actually causes us big problems when editing files via MS Office.
  Fortunately Office is able to still save it's data using some generated filename.
  (At least until now I could not create any data loss)
  But then you have to close it, remap then network drive, rename the file and then
  reopen the file. This is big trouble to users, which are not familiar with mapping
  network drives and renaming files with extensions.
  Is there a way to make the SmbServer keep the LibrarySession alive, as long as
  the network drive is mapped ?
  Regards,
  Jens Lorenz

  Workflow #2:
  Login to my account
  Click view all email
  Open Drafts Folder
  Open draft email response
  Select "Send" to send email (total in session time of 30 seconds)
  On screen reload, where I would expect to see some sort of indication that my email was successfully sent, instead the system throws session time out message and kicks me out.
  I have no idea if my email was successfully sent or not.
  Workflow #3:
  Login to my account
  Click view all email
  Attempted to open the first new email in my inbox (total time in session <15 seconds)
  System throws session timeout error and kicks me out to the main login.
  There is obviously something going on with your session holding code. The session variable is not being passed correctly or something but it's very, very frustrating to spend 30-45 minutes trying to type out a couple of lines, particularly when you have multiple important activities going on that you need to respond too via email.

• OAM Session timeout

  Hi All,
  I have the following set up configured.
  1)Deployed a web application in a plain(non oim suite related) weblogic domain
  2)Installed OHS,OAM,OIM and OUD
  3)Configured OHS,OAM,OIM and OUD for SSO in OAM with the external URL from the independent weblogic domain
  4)Independent Weblogic domain is configured with OAMIdentityAsserter and OUD Authentication provider
  My query is as below.
  I have the session time out value configured as 600(seconds) in weblogic.xml of the web application.
  Now when the access the web application through OHS SSO URL, the session is not waiting for 600 seconds to timeout,but getting invalidated in around 30 seconds.
  How to resolve this issue.
  Please advice.
  I have the following configured in OHS proxy.
  <Location /bc>
  SetHandler weblogic-handler
  WebLogicHost ZZZZZZ.oracle.com
  WebLogicPort 9001
  </Location>
  firebug show the following URL getting hit just after the session invalidation http://ZZZZZ.com/oam/server/obrareq.cgi?encquery%3DHBGRZNUhr5Ucxs
  and the following error gets logged in oam server
  "Session invalid as returned by CHECK_VALID_SESSION_RESPONSE responseEvent fail>"
  Kindly suggest.
  Thanks,
  Praveen

  Verify whats session timeout value present in below config:
  http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/session.htm#AIAAG354
  To edit the OAM common session settings:
  Log in to Oracle Access Manager.
  Click System Configuration.
  From the Common Configuration panel, double-click Common Settings.
  In the Session area:
  In Session Lifetime, increase the current value.
  In IdleTimeout (minutes), increase the current value.
  Click Apply.
  ~J

• How to set session timeout per user

  Hi,
  Ho do I set the session timeout per User in the
  Application.cfm File??
  I tried using
  <cfif SESSION.UID EQ 1>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(0,0,20,0)#">
  </cfelse>
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  sessiontimeout="#CreateTimeSpan(1,0,0,0)#">
  </cfif>
  But this didnt work because the cfapplication seems to have
  to be at the top before I call the variable SESSION.UID which
  I set on my login page..
  Someone know how to do this??
  Regards
  Martin

  Martin,
  Your code example cannot work because the "session" scope
  doesn't exist until your application scope is defined. So you have
  to handle this manually. Here's how you can get it done. First,
  define your application to the maximum sessiontimeout you want to
  have.
  <CFAPPLICATION NAME="appControl" SESSIONMANAGEMENT="Yes"
  SESSIONTIMEOUT="#CreateTimeSpan(1,0,0,0)#">
  Then, I don't know how you are doing your login
  authentication but when you have authenticated the user, you need
  to define the userid and the most recent activity in the session.
  Also determine your timeout value based on the userid. See example:
  <CFIF IS_AUTHENTICATED>
  <CFSET session.user.uid = form.userid>
  <CFSET session.user.most_recent_activity = now()>
  <CFIF session.user.id eq 1>
  <CFSET session.user.timeout_mins = 20>
  <CFELSE>
  <CFSET session.user.timeout_mins = 1440>
  </CFIF>
  </CFIF>
  Now, all you have to do is check whether the user has been
  idle for too long and kill the session by purging all session
  variables. For example:
  <!--- if user id is defined, this means user is logged in
  --->
  <CFIF structKeyExists(session, "user") and
  structKeyExists(session.user, "id")>
  <!--- check if timeout has expired --->
  <CFIF datediff("n", session.user.most_recent_activity,
  now()) gt session.user.timeout_mins>
  <!--- timeout has expired, kill the session and log the
  user out --->
  <CFSET StructClear(session)>
  <!--- insert your logout code here --->
  <CFELSE>
  <!--- user hasn't timed out, so reset the most recent
  activity to now --->
  <CFSET session.user.most_recent_activity = now()>
  </CFIF>
  </CFIF>

• Re: [iPlanet-JATO] Re: session timeout when not submitting to a handler

  Mark--
  I know what's happening here, but am curious about your approach. You said
  in an earlier email that you were generating links directly to JSPs, but
  from what you are describing, you are generating JATO-style links to access
  JATO pages. Nothing wrong with that, but there is a signficant difference.
  Actually, it just occurred to me, I'm wondering what your URLs look like.
  The way the request dispatching works in JATO is it ignores anything after
  an initial "." in the final part of the URL path. For example, a request
  for "/myapp/module1/MyPage.jsp" doesn't actually try to hit the JSP, instead
  it tries to hit the JATO page "/myapp/module1/MyPage".
  The end result is that you may think you are accessing a JSP directly, but
  are instead accessing a JATO page. The reason the request dispatching works
  this way is because it is illegal to access JATO JSPs directly, and there is
  actually a (disabled) JATO feature that piggybacks on the use of the
  dot-delimited URL.
  So, now I need to understand your intent. I wasn't really sure why you were
  generating direct JSP/page links to begin with. This works against the Type
  II architecture JATO uses, in which all JATO requests go back to the
  controller servlet.
  If you are trying to design something like a menu page, you may have thought
  that it was burdensome to create a number of HREF children, plus implement
  event handlers for each of them. This definitely would be burdensome beyond
  just a handful of links, but this is why JATO provides other mechanisms for
  doing what I'll call here "polymorphic HREFs".
  Assuming this menu page scenario, the easiest thing to do is to simply use
  one HREF child on the page, and add a value to it each time it is rendered
  that distinguishes it from the other instances on the page. In your event
  handler for the HREF, you simply check this value and use it to decide which
  page to forward to. You can add a value to an HREF or Button by using the
  "addExtraValue()" method. Or, if you are using JATO 1.2, you can add extra
  query string NVPs right in the JSP document using the "queryParams"
  attribute of the <jato:href> tag. Thus, your one HREFchild and event
  handler become "polymorphic" because what they do depends on the context in
  which they are invoked.
  Now, I still don't have confirmation that this is what you were trying to
  do, so until I do, let me explain the exception you're seeing. JATO assumes
  that when a request comes in for a page that includes the pageAttributes
  NVP, it is a request coming from a previously generated JATO page. Because
  of the way JATO works, this means that the request dispatching code should
  send the request back to the originally rendered page. For example, if Page
  A renders an HREF, which the user then activates, JATO sends the request
  back to Page A for handling. All of the HREFs and forms generated during
  rendering of Page A actually refer back to Page A, regardless of where those
  links or buttons actually pass the request in their event handlers/Command
  objects.
  So, what's happening when you include the pageAttributes in your HREFs is
  that JATO is assuming that a request is being sent to the target page, with
  the assumption that the target page has a mechanism in place to handle the
  request. This assumption relies on the specification of the "originator" of
  the request being specified in the request. For links/HREFs, the name and
  value of the HREF is sent along with the request. For forms, the name and
  value of the button that was pressed are sent in the request. JATO uses the
  presence of these name/value pairs to decide which event handler, or which
  Command object, to invoke to handle the request.
  The exception you are receiving is saying that there was no object on the
  target page that indicated it could handle the request. This is to be
  expected, since you have not specified a query parameter that indicates
  which CommandField child is responsible the request. However, this is where
  I see the disconnect, because that is not what I believe you were trying to
  do (as explained above).
  So now, given all the information above, can you tell me what you're trying
  to accomplish, and whether or not the info I've given you has helped you to
  design a mechanism more in line with a JATO approach? If not, given that I
  understand what you're trying to do, I can offer a more concrete solution.
  Todd
  ----- Original Message -----
  From: <Mark_Dubinsky@p...>
  Sent: Monday, November 05, 2001 2:54 PM
  Subject: [iPlanet-JATO] Re: session timeout when not submitting to a handler
  This is the exception we get:
  (And BTW, leaving a blank value for the pageAttributes doesn't help)
  [05/Nov/2001 17:49:18:4] error: <portalServlet.processRequest>
  javax.servlet.ServletException: The request was not be handled by the
  specified handler
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled Code)
  at
  javax.servlet.ServletException.<init>(ServletException.java:107)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.dispatchRequ
  est(Compiled Code)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.processReque
  st(Compiled Code)
  at
  com.putnaminvestments.bp.portal.portalServlet.processRequest(Compiled
  Code)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.doPost(Compi
  led Code)
  at
  com.putnaminvestments.common.jato.ApplicationServletBase.doGet(Compil
  ed Code)
  at javax.servlet.http.HttpServlet.service(Compiled Code)
  at com.putnaminvestments.bp.bpServletBase.service(Compiled
  Code)
  at javax.servlet.http.HttpServlet.service(Compiled Code)
  at
  com.netscape.server.servlet.servletrunner.ServletInfo.service(Compile
  d Code)
  at
  com.netscape.server.servlet.servletrunner.ServletRunner.execute(Compi
  led Code)
  at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
  at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at com.kivasoft.thread.ThreadBasic.run(Compiled Code)
  at java.lang.Thread.run(Compiled Code)
  --- In iPlanet-JATO@y..., "Todd Fast" <Todd.Fast@S...> wrote:
  Mark--
  Initially we tried to add the pageAttributes NVP as well, but that
  was
  causing an exception, so we stopped doing that.That's odd--what was the exception?
  Our problem now is that when the SessionTimes out it does not go
  to
  onSessionTimeout method as in processRequestMethod of the
  ApplicationServletBase it looks for pageAttributes. If it is notnull
  then only onSessionTimeOut method is called.This is sadly the only technique for determining if a session hastimed out
  and a new one been created, versus the initial creation of thesession.
  Is there any work around for this? Maybe you can suggest how topass
  the pageAttributes without causing the initial exception?Definitely--let me know what the exception was and I'll be able tosuggest
  something. However, it shouldn't really be any harder thanappending a
  "jato.pageAttributes=" empty NVP on the HREF.
  Todd
  Todd Fast
  Senior Engineer
  Sun/Netscape Alliance
  todd.fast@s...
  For more information about JATO, please visit:
  http://developer.iplanet.com/tech/appserver/framework/index.jsp

  OK, here's what I'm trying to do: We have, like you said, a menu
  page. The pages that it goes to and the number of links are all
  variable and read from the database. In NetD we were able to create
  URLs in the form
  pgXYZ?SPIDERSESSION=abcd
  so this is what I'm trying to replicate here. So the URL that works
  is
  pgContactUs?GXHC_GX_jst=fc7b7e61662d6164&GXHC_gx_session_id_=cc9c6dfa5
  601afa7
  which I interpreted to be the equivalent of the old Netd way. Our
  javascript also loads other frames of the page in the same manner.
  And I believe the URL-rewritten frame sources of a frameset look like
  this too.
  This all worked except for the timeout problem. In theory we could
  rewrite all URLs to go to a handler, but that would be...
  inconvenient.

• Session Timeout - Process as a webservice

  Hi ,
  I am using ALBPM v5.7.
  In this we are exposing our process as webservice.
  We are Invoking these webservice methods from portal deployed in BEA Weblogic Server,
  The procedure we are following is , starting the session and then invoking our methods -- method1 and method2.
  But , After invoking method1, In the portal, we are waiting for five minutes and then trying to invoke method2 of BPM using the same session,
  When we do this, It is throwing an exception,
  Invalid Session.
  We observed that if we invoke method2 before five minutes then it is working fine.
  So do we have any session timeout for the BPM Process, when we expose our process as a webservice.
  If so , could you please help me in resolving this issue?
  Thanks & Regards,
  Krishnaveni.

  Just input paramters inside the Begin Activity...
  Right Click on the Process and open Process Web-Service and add a Web-Service to it..
  Then start the engine in Studio..
  And then click on Launch Deployed WebServices Webapp..
  And you would get the endpoint..

• Session timeout and Custon login module

  Hi,
  Dev Platform: Jdev 10.1.3.4.0, Oracle 10.2.4
  I'm trying to trap the session timeout and display a page. I'm using the code below from Frank Nimphius. I've also provided a console log of what is happening when the application times out. Instead of the filter being called the system is calling the dblogin module and attempting to login the anonymous user. I renamed the anonymous user and I just see log entries where the system attempted to find the anonymous user.
  If I use the application to logout I get a Logout page with a button to confirm the logout. When I press the button the session is invalidated and the filter code brings up my "Session Timeout" notification page. This isn't what will happen in the end but I just wanted to tell you that the filter does work in certain instances.
  How can I make the system not attempt to login the anonymous user and have the filter code run?
  TIA, Dave
  package isdbs.view.security;
  import java.io.IOException;
  import javax.servlet.Filter;
  import javax.servlet.FilterChain;
  import javax.servlet.FilterConfig;
  import javax.servlet.ServletException;
  import javax.servlet.ServletRequest;
  import javax.servlet.ServletResponse;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  public class ApplicationSessionExpiryFilter implements Filter {
      private FilterConfig _filterConfig = null;
      public void init(FilterConfig filterConfig) throws ServletException {
          _filterConfig = filterConfig;
      public void destroy() {
          _filterConfig = null;
      public void doFilter(ServletRequest request, ServletResponse response,
                           FilterChain chain) throws IOException, ServletException {
          String requestedSession =   ((HttpServletRequest)request).getRequestedSessionId();
          String currentWebSession =  ((HttpServletRequest)request).getSession().getId();
          boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
          // if the requested session is null then this is the first application
          // request and "false" is acceptable
          if (!sessionOk && requestedSession != null){
              // the session has expired or renewed. Redirect request
              ((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
          else{
              chain.doFilter(request, response);
  }Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option debug = true
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option log level = log all
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option logger class = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option data_source_name = jdbc/elearnDS
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user table = TBL_LOGIN
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles table = XREF_LOGIN_ROLE
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option username column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password column = PASSWORD
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles column = ROLE_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option user pk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option roles fk column = LOGIN_NM
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option password encoding class = oracle.sample.dbloginmodule.util.DBLoginModuleClearTextEncoder
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option realm_column = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] option application_realm = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] login called on DBTableLoginModule
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Calling callbackhandler ...
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Username returned by callback = null
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] User query string: select LOGIN_NM,PASSWORD, LOGIN_ATTEMPTS, ACTIVE_IND from TBL_LOGIN where lower(LOGIN_NM)= lower((?))
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Logon Successful = false
  09/03/30 09:38:04 [DBTableOraDatasourceLoginModule] Abort called on LoginModule
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.OC4JUtil doJAASLogin
  WARNING: Login Failure: all modules ignored
  javax.security.auth.login.LoginException: Login Failure: all modules ignored
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at oracle.security.jazn.oc4j.OC4JUtil.doJAASLogin(OC4JUtil.java:241)
       at oracle.security.jazn.oc4j.GenericUser$1.run(JAZNUserManager.java:818)
       at oracle.security.jazn.oc4j.OC4JUtil.doWithJAZNClsLdr(OC4JUtil.java:173)
       at oracle.security.jazn.oc4j.GenericUser.authenticate(JAZNUserManager.java:814)
       at oracle.security.jazn.oc4j.FilterUser.authenticate(JAZNUserManager.java:1143)
       at com.evermind.server.http.EvermindHttpServletRequest.checkAndSetRemoteUser(EvermindHttpServletRequest.java:3760)
       at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:706)
       at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:453)
       at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:221)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:122)
       at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:111)
       at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
       at java.lang.Thread.run(Thread.java:595)
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.GenericUser authenticate
  FINE: JAAS-OC4J: Authentication failure for user: null
  Mar 30, 2009 9:38:04 AM oracle.security.jazn.oc4j.RealmUserAdaptor isMemberOf
  FINE: JAAS-OC4J: Membership check for group: ISDBS_USER failed for user: anonymous

  I added an HttpSessionListener upon login here's what I get:
  09/03/31 08:21:25 Inside sessionCreated
  09/03/31 08:21:25 Before New session createb = 0
  09/03/31 08:21:25 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:21:25 After New session count = 1
  At session timeout here's what I get:
  09/03/31 08:23:27 Count before destroyed = 1
  09/03/31 08:23:27 Destroyed session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 Count after destroyed = 0
  09/03/31 08:23:27 Inside sessionCreated
  09/03/31 08:23:27 Before New session createb = 0
  09/03/31 08:23:27 Created session id: 854b4b95cf28ceb065d0489a31ee79c19feabb80716f6d828b77fc7044b210bf
  09/03/31 08:23:27 After New session count = 1
  Notice that the session Id in each case is IDENTICAL. That is why the Filter code isn't doing what it is intended to do. Whay is the same session ID being created after it is destroyed? Is there a configuration parameter that controls it?
  Thanks,
  Dave

• Session Timeout and DAD Authentication

  My application uses the authentication scheme 'No authentication (using DAD)'. The users log in from an external program and the user IDs are captured in the variable remote_user. My authorization scheme checks that the user ID exists in a database table. All this seems to work fine.
  However, I need to implement a session timeout on the application. I've followed the steps described in the "Automatic Session Timeouts" utility in the Application Express Studio but when I tried to modify the authentication scheme by adding:
  return auth_pkg.check_timeout;
  to the Session Verify Function I got the following errors:
  No functional attributes may be set when page sentry function is '-DATABASE-'.
  and
  Session verification function may not be specified if page sentry function is specified.
  I'm new to Apex and I don't know where to go from here. Any advice please?
  Thanks
  Maria

  Maria,
  The usual way to do the authentication part is to use a custom page sentry function. Many examples have been posted on the forum based on the ntlm page sentry code. Search for those keywords here (ntml page sentry) and you should find it easily. Then you can modify it by adding the session timeout logic in that function.
  Scott

• Session timeout and session.invalidate() -- are they the same?

  I was just wondering when a session timeout occurs (either by setting the session-timeout in web.xml or the server's default timeout), is the session automatically invalidated? Or should we call setMaxInactiveInterval() instead? Or is calling session.invalidate() the only way to invalidate a session?

  Hello all,
  Both are same in terms of functionality, but if you use both of them like
  1: You specified the tag sessionTimeout and
  2: in your program the session.maxInactiveIntervalTime( value ) here if the value is(we gave it in terms of seconds like for 40 minutes we give 2400) then the program code will override the value previously set in web.xml
  Thanks
  Prabhakar

• Session Timeouts accessing data from Xcelsius

  I am running Business Objects XI R2 SP2 and running Xcelsius 2008 FP1.
  Basically within my models i use LiveOffice to refresh the initial data used within the models and then I use QaaWS to use certain drill through parameters to retrieve more detailed information.
  All this works fine and returns all the data i need, but i get session errors when accessing the models from Infoview.
  When i log into Infoview, i can run 1 model fine and do all the necessary refreshes and further drill downs without any trouble, but when i close the model down and try to go into the next model i get the following error message;
  Your webintelligence session has timeed out WIS: 30553.
  NOw i have updated all the setting i know of eg;
  1) Webi report server timeout in server properties
  2) Configured the command line of the webi report server in CCM to include the timeout parameter.
  3) Web.xml file has been amended to increase the session timout
  4) Web.xml file has been amended to uncomment the listener settings
  5) i have even updated the session timeout on the Tomcat server (tomcat\conf\web.xml)
  Has anyone any other ideas as i can not access the models.
  I know this is not related to Webi reports, as i can fresh reports and open up other reports without any issues, so i think it must be related to Xcelsius in soem way.
  Any help will be gratefully received.
  Anthony
  Edited by: Anthony Jones on Mar 12, 2009 12:32 PM

  Hey thanks a lot your code worked!!
       I wrote it in my procedure and ran it through my job.Its working as needed now.
       I analysed what your code does. Let me know if I'm right or wrong
       The view apex_activity_log is based on query like
       SELECT * FROM wwv_flow_activity_log
  WHERE security_group_id = (SELECT wwv_flow.get_sgid
  FROM DUAL
  WHERE ROWNUM = 1);
  What i understand is when i run query in toad it gets null value in above where clause so my below query doesnot retrieve any data.
       But when i set security_group_id it gets some value through wwv_flow.get_sgid and my query retrieves the data for my app_id
       SELECT l.userid,
  a.application_name,
  l.step_id page_no,
  l.TIME_STAMP,
  l.ir_report_id,
  l.elap,
  l.session_id,
  l.ip_address
  FROM apex_activity_log l, apex_applications a
  WHERE l.flow_id = a.application_id
  AND l.flow_id = 200; --app_id
  Can u pls explain me what is security_group_id and its significance??Are workspace_id and security_group_id same??