SJSAS 9 and JSF - session expiration

Similar Messages

• Portal Session Expiration after 10 minutes.

  Hello Experts,
  We are running on EP 7.0 ABAP+JAVA stack.The UME has been configured on ABAP stack.
  We have a requirement to auto logoff the portal if no activity is done for 10 minutes.
  I have gone through SAP Notes and came to know this is not possible in current portal framework. In some threads I got clue to set some parameters for SSO expiration and Security session expiration but that did not gave desired result.
  I have set the security session to 10minutes in Visual administrator.(default 27h) [Security Provider -> SessionExpirationPeriod ]but nothing happened I am still in portal session after 10 minutes.
  I made the change in -> /usr/sap/<SID>/<inst>/j2ee/cluster/server0/apps/sap.com/irj/servlet_jsp/irj/root/web-inf/web.xml
  And change the session time out to 10 minutes. But same result nothing happened.
  Please guide what settings I am missing. What else I have to do to get the session expire.
  thanks & regards
  shankar

  Hi,
  Check this:
  Redirect user to a custom "logoff" page after 10 minutes of user inactivity
  To set Logon Tickets Validity Period:
  http://help.sap.com/saphelp_nw70/helpdata/EN/45/18b6cfe1235d79e10000000a11466f/frameset.htm
  Regards,
  Praveen Gudapati

• Report not running "session expired error"

  while trying to run a query...its not opening and showing "session expired error after 30 mts.
  how to rectify it

  hi devi,
  use the following links
  Error msg in BW after session timeout
  Retain hierarchy node value on selection screen during execution of report
  with hopes
  Raja Singh

• Session expires and forwarding emails to recipi...

  Hi  It  seems  similar  problems  are happening.
  Composing  an  email  appears  to  function ok  albeit  you  can  see the  screen wanting  to  disappear,but  it  sends ok.
  With  regards to  incoming   emails which  you  wish  to  redirect  to  recipients,  this  is  a nightmare.
  Firstly, when you  click  on  the "forward"  icon  you can  then add your  email  contacts,and  when finished  you  then  click  send.Session  expired  appears.Sign  in, which  you  do ,and there  is  no  trace of  your  email.Take  a look in drafts  and there  are  all the  emails  which  you  tried  to  send."Click" on  any one  and you  get"unknown subject"
  The  whole  process  of  sending has  to  be  done  again  by returning  to  your  original  page  of  emails.
  Add  once  again all email  contacts , and  try  to  send  again...."SESSION  EXPIRED"...Totally  frustrated  and  getting  nowhere  except  about  60  emails  to  send  on.....cleared  cookies .....still nothing...

  Welcome to the forum. A quick look through this board will reveal many shortcomings with the new BT Mail. Who knows if or when there will be an upgrade and what improvements there mught be? Meanwhile your problem and most others can be overcome by using an email client such as Thunderbird, which is much more user-friendly and safer to boot. If you try it and have no particular reason to prefer webmail the chances are that you'll stick with the client even if BT Mail improves.
  You can click the white star next to this message if you think it was helpful.

• JSF Session handling

  Hi,
  I am using session variables in all my pages. If user tries to access the page after sometime, session expires and throws NullPointer Exception.
  How to handle this. I know I have to use if it is not equal to null before using the session variable. what if it is null?
  Any suggessions...
  Thanks in advance...

  Sorry . . .
  One more thing . . . .
  Since JSF loses parameters after a page reload you will have to store all the the values you want to "remember" in hidden fields. But . . . JSF autotmatically generate ID with form name at the begining. For example, if you want to pass the parameter: userId and the name of the form is: userForm, the name of the hidden field will be:
  userForm:userId.
  Now . . . this makes a problem extracting the hidden value by get parameter. Since on first call the paramter is named: userId, on a second call to the same page the parameter will be in the hidden field and named: userForm:userId.
  In order to overcome this problem I wrote the following method:
    public static HttpServletRequest getRequest()
      HttpServletRequest request = (HttpServletRequest)FacesContext.
      getCurrentInstance().getExternalContext().getRequest();
      return request;
    public static String getRequestParameter(String key)
      return getRequest().getParameter(key);
    public static String locateRequestParameter(String partialKey)
      Enumeration enumeration = getRequest().getParameterNames();
      String key, value;
      while (enumeration.hasMoreElements())
        key = (String)enumeration.nextElement();
        if (key.indexOf(partialKey) > -1)
          value = getRequestParameter(key);
          return value;
      return null;
    }This is not a neat solution, since we iterate all the parameters . . .
  You can also look here: http://www.jsftutorials.net/param.html
  This is a "param" component, that keeps the URL with the parameter after the form is reloaded.
  Thats it . . . ;-)

• Alert when the session Expires

  Hi Everybody,
  I am doing a web based application in JSF ,in that I want to make an pop up or an alert message automatically when the session expires.please give me valuable inputs on this regardings...
  Thanks in Advance

  Hi,
  yes...I have tested correctly.But here I am giving <a4j:support> to specify the dropdown listbox action.only for this reason the form is not submitting when I use dropdownlist..for ur reference here is a sample code
  <h:selectOneMenu id="animalNameCombobox" value="#{Animal.animalName}" styleClass="sampleDropDownListBox">
                                      <f:selectItems value="#{Animal.animalItemList}"/>
                                      <a4j:support action="#{Animal.animalComboboxAction}" event="onchange" reRender="animalOutputPanel"/>
                                  </h:selectOneMenu>I have given all this within <a4j:outputpanel>..Is there any remedies are there to resolve this issue...please give me a valuable inputs and suggestion on this regardings..
  Regards

• JSF session length - how to set? ViewExpiredException - how to avoid?

  Hi! Is there something like JSF session? If yes, how can I set its length so that ViewExpiredException is not being thrown so fast? After I restart my server, httpSession in my browser still exists, but ViewExpiredException is thrown. Is there a way to eliminate completly this exception from JSF application??? PLEASE HELP!

  cocolino81 wrote:
  Thanks for help. The problem is also that <session-timeout> is for example 1 hour and I get ViewExpiredException after 15 minutes!This was because you restarted the server or redeployed the application, is it? Besides, this would also occur if you use an IDE and are still actively developing the webapp. Tomcat will redeploy automatically on every change of one of the deployed files.
  If you read this, please write how do you deal with this excpetion. I would really like to know all your solutions. Thanks in advance.Depends on the purpose of the application. If the user have to be logged in, then I would just set a clear and user-friendly error-page which informs the user that the session has expired and that the user has to re-login. If there is no means of a login but the user just have to enter and submit a form, I would rather keep the session alive using ajaxical polls from the form on. If there is even no means of a form and you used commandlinks/buttons and navigation cases for navigation, then I would get rid of that way of navigation and just use outputlinks for navigation.

• Detect session expire?

  Hello guys,
  Is there any filter provided by JSF library that can detect if user session has expire, user will be forwarded to a page.
  cheers,
  Mark

  There is an interface HttpSessionListener. There is method sessionDestroyed() that listens for session expiration. To forward the user to a page you just put something in the session i.e. string with username or something and write PhaseListener or ServletFilter that will check on every request if this string is in the session and if not will redirects to a given page.

• ISE 1.2 CWA with Multiple PSNs - SessionID Replication / Session Expired

  Hi all.
  I have a (2) Policy Services Nodes (PSNs) in an ISE 1.2 deployment running patch 1. We are using Wireless MAB and CWA on 5760 Wireless LAN Controllers running v3.3.3.
  We are hitting an issue wherein a client first passes MAB and then gets redirected to a CWA custom portal. The client then receives a Session Expired message. This seems to be related to the fact that CWA is technically a 2-stage authentication (MAB by the WLC and then CWA by the client). Specifically, it seems to happen when the WLC makes its MAB RADIUS access-request to PSN-1 and then the client comes in to PSN-2 to complete the CWA. This issue does not happen when only one PSN is in use and all authentication traffic (both MAB RADIUS and CWA) is directed at a single PSN.
  Clients resolve the FQDN in the redirect URL using public DNS and a public DNS zone file (call it cwa-portal.example.com). cwa-portal.example.com has two A records for the two PSN nodes. DNS is responding to queries using DNS round-robin.
  I have the PSNs configured in a Node Group for session information replication between PSNs, but this doesn't seem to make a difference in behavior.
  So I ask:
  What is the recommended architecture for CWA when using more than one PSN? It seems that you would need to keep the two authentication flows pinned together so that they both hit the same PSN when using more than one PSN in a deployment. A load balancer balancing on the SessionID string comes to mind (both the RADIUS MAB request and the CWA URL contain this unique per-client SessionID), but that seems terribly overbuilt for a seemingly simple problem. On the other hand, it also seems like using a Node Group setup should easily be able to replicate client SessionIDs to all nodes in the deployment so that this isn't an issue. I.e., if the WLC authenticates MAB on PSN-1, then PSN-1 should tell the Node Group about it such that when the client CWA's on PSN-2, PSN-2 doesn't respond with a Session Expired message.
  Is there any Cisco documentation that talks about this?
  Possibly related:
  https://supportforums.cisco.com/discussion/12131531/ise-12-guest-access-session-expired
  Justin

  Tim,
  Thanks for your reply and confirming my suspicion. Hopefully a future version of ISE will provide automated SessionID synchronization among PSNs so that front-end finagling in a multi-PSN environment won't be necessary.
  For anyone else with this issue who for whatever reason can't implement a load balancer(s), I built an automated EEM applet running on a "watchdog" switch (3750 running 12.2(55)SEE9) using IPSLA tracking that senses when PSN1 is down and then
  modifies an ASA to change its client-facing NAT statement for PSN1 to PSN2
  modifies the primary and HA wireless LAN controllers to change its MAB RADIUS aaa server group to use PSN2
  reverts the ASA and WLCs to using PSN1 when PSN1 is detected up and running again
  The applet ensures the SessionID authentications stay "glued" together so that both WLCs and the client hit the same PSN for both stages of authentication. It's failover only, not a load balancing solution, but it meets our current project's need for an automated HA environment.
  PM me if you want the code. I'm have a little too much going on ATM to sanitize and post it. :)
  Justin

• Hi, I cant login to the facebook app on my iphone 5 ios 6.0.2.  I keep getting an error message saying 'There was an error logging in using single sign on' when im asked to log in again i get a 'session expired' message.  This only started happening yeste

  Hi, I cant login to the facebook app on my iphone 5 ios 6.0.2.  I keep getting an error message saying 'There was an error logging in using single sign on' when im asked to log in again i get a 'session expired' message.  This only started happening yesterday. Anyone else having this problem? Thanks.

  I am having the same problem and took the following steps to mitigate it to no avail.
  1. I deleted the Facebook app on the phone and turned off Facebook in the iPhone's system-wide settings.
  2. I re-enabled Facebook in the iPhone's system-wide settings and reinstalled the Facebook app and logged in again. It worked. For about an hour.
  3. I completely restored the phone to a previous backup (before the problems started) and reenabled Facebook .... reinstalled the app.... and now it works intermittenly. But it hasn't worked in about 12 hours now (just tried a few minutes ago).
  Please advise.

• Redirect to main jsp when the session expires

  Hi,
  I have a jsp say mainframe.jsp in which I have two frames each having a jsp page say child1.jsp and child2.jsp.
  When the session expires and I when i try do any changes in child2.jsp or child1.jsp, the page redirects to login page and when I login successfully, I am getting redirected to child2.jsp or child1.jsp respectively. But I want it to be redirected to mainframe.jsp.
  Any help is greatly appriciated.
  Thanks in advance.
  Vinod

  I think I am not clear.
  When I try to login after session expiry, I am redirected to child jsp.
  But what I want is that I should be redirected to mainfram.jsp page.
  url in the address shows : ../mainframe.jsp?ID=******
  When my seesion is expired and I try do some manipulation in child1.jsp (which is inside a frame of my mainframe.jsp). it is redirected to login page and from there to child1.jsp instead of mainframe.jsp
  Now the address url shows : ../child1.jsp?ID=********* because of which I am not able to see child2.jsp along with child1.jsp
  What I want : ../mainframe.jsp?ID=********
  this is the code I am using !!
  String destPage = request.getRequestURI();
  response.sendRedirect("../redirect.jsp?dest=" + URLEncoder.encode(destPage));

• Why am I getting a number of session expired terminations on my yahoo email since upgrading to 31.0?

  Sometimes I'm logged into my yahoo email for just a few seconds and am getting a session expired notice. I've run Malwarebytes to look for malware, but it came up empty. Never had this problem prior to upgrading to Firefox 31.0.
  I have not tried other browsers. I don't like either IE or Chrome.
  Any ideas what to do?
  Thanks.

  Currently, your More System Details shows you start up automatically in private browsing mode (Privacy set to "Never remember history"). Is that the same as how you were using Yahoo! mail in Firefox 30?
  In the past, Yahoo! sites were sensitive to connection changes. You generally could not stay logged in with one of the connection settings:
  "3-bar" menu button (or Tools menu) > Options > Advanced > Network mini-tab > "Settings" button
  * "Auto-detect proxy settings" caused problems
  * "No proxy" should work
  Not sure whether that is a factor here. Is there anything else that could be causing your connection to vary, such as a private VPN or Tor?

• ISE 1.2 Guest Access session expired

  We have set up the ISEs to allow wired guest users to logon with CWA but every time we get
  "Your session has expired. Sign on again".
  We successfully get to the portal and can logon, change password, accept conditions but then we just get the session expired page.
  From the switch (some data redacted fro privacy):
  sw01#sh auth ses int f0/1
              Interface:  FastEthernet0/1
            MAC Address:  0021.xxda.xx28
             IP Address:  xxx.xx.40.45
              User-Name:  00-21-xx-DA-xx-28
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-domain
       Oper control dir:  both
          Authorized By:  Authentication Server
            Vlan Policy:  901
                ACS ACL:  xACSACLx-IP_GuestWired_ISE_Portal_Access-53182da8
       URL Redirect ACL:  dot1x_WEBAUTH-REDIRECT
           URL Redirect:  https://guest.ourdomain.com:8443/guestportal/gateway?sessionId=AC1262FB000000FA0FCEFDB8&portal=TT_GuestPortal&action=cwa
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  AC1262FB000000FA0FCEFDB8
        Acct Session ID:  0x000001CF
                 Handle:  0x370000FB
  Runnable methods list:
         Method   State
         dot1x    Failed over
         mab      Authc Success
  The ISE reports a failed login
  Event
  5418 Guest Authentication Failed
  Failure Reason
  86017
  Now the reason appears to be that the guest portal being accesed is on an ISE in our DMZ but the RADIUS/MAB authentication is done by our internal ISEs (all ISEs are part of the same cluster however).  This is because the NAD is a switch and its management interface is on the inside of the network while  the guest VLAN is in a DMZ.  If we authenticate the RADIUS and guest on the same ISE (by breaking routing/security) then the access is granted and it all works corrcetly.
  We are summarising that the session ID sent by the RADIUS ISE server is not avaialble to the Guest Portal ISE server so the session ID does not exist in the session cache.
  So does the  guest portal ISE server have to be the same ISE server that does the RADIUS/MAB session generation?  There is no obvious way to tie a FQDN (e.g. guest.ourdomain.com) to the ISE used by the NAD.
  Should the session ID not be shared across all enforcement nodes?
  Any other ideas or thoughts?
  Chris Davis

  Thanks Jan, do you know if this is by design, even across nodes in node groups?  I'm guessing that Bug CSCul10677 is the same issue.
  Thing is, it rather makes the CWA static IP/Hostname option redundant/useless in a resilient configuration.  It also means that the NAD must use the guest network for dot1x traffic or that the guest nework must be able to route over/into the internal network neither of which appear to be ideal from a security perspective...

• Session expiring

  We are using Oracle 10g r2 and APEX 3.1. We have deployed an application that is having issues with sessions expiring and the user is being required to log back in. We are using the default Application Express Authentication Schemes. We have noticed the expiration occurs when we have a user open seperate browsers and log into the app in each one. There is no period of inactivity so it should not be a timeout of any sort. Anyone have any similar issues? Any ideas at all would be appreciated.
  Thanks
  Jon

  Browser windows must run in separate OS processes in order for one's cookies not to be shared among them. There are ways to do this in IE, not sure of a way to do this in Firefox. BTW, the sessions are not expiring, the cookie value is being supplanted.
  Scott
  Edited by: sspadafo on Dec 16, 2008 1:23 PM

• PROBLEM USING FILTER TO KNOW SESSION EXPIRATION

  Hi, i'm using a filter to know when the session expires but it appeasr not to work, so i am a bit confuse because the filter always executes well but when the session gets the timeout and the user send a request it isnt executed, the server redirects the user to the login page.
  I am not sure about it, but is it possible that the reason of why the filter is not executed, is becuase i am using the apache form-authentication????
  filter's code:
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
  HttpServletRequest req;
  RequestDispatcher disp;
  HttpServletResponse res;
  boolean userInSession;
  String forward = getConfig().getInitParameter("sessionClosed");
  req = (HttpServletRequest) request;
  res = (HttpServletResponse) response;
  System.out.println("InFilter");
  userInSession = req.getUserPrincipal() != null;
  if(userInSession) {
  chain.doFilter(request, response);
  System.out.println("Session: " + req.getSession(false).getId());
  System.out.println("Session: " + req.getSession(false).getMaxInactiveInterval());
  System.out.println("getSessionTime: " + req.getSession(false).getCreationTime());
  } else {
  disp = req.getRequestDispatcher(forward);
  disp.forward(request, response);
       res.sendRedirect("http://www.google.com");
  System.out.println("outFilter");
  tnks
  CERR

  Hi Robert,
  thanks very much for ur pointers on the AuthFilter class.. will try that out.
  Robert Greig <[email protected]> wrote:
  Stephen wrote:
  I am using WLS 6.1 and tried using a custom filter to intercept theauthentication
  request submitted from a FORM BASE jsp (using the j_security_checkform).
  However, no matter what i've tried, it is always the authenticationpart that
  gets executed before the filter.
  Any idea how could I intercept the request before the j_security_checkservlet
  calls the security provider for authentication?There is a (now deprecated) class weblogic.servlet.security.AuthFilter.
  I haven't used it because it is deprecated but I think it does what
  you're after.
  In my apps, I make the FORM auth submit to my own servlet which can then
  do what j_security_check does (most although not all is accessible
  through public APIs).
  Robert