Time limit user login session
Hi folks
Using PHP/MySQL to allow the logged in user access to
protected pages it seems
that the default session which is established does not time
expire but remains
valid for the duration of that browser session.
What is the prescribed method for placing a time limit on a
given browser
session?
Thanks in advance for any pointers.
Ronnie MacGregor
Scotland
Ronnie at
dBASEdeveloper
dot co dot uk
www.dBASEdeveloper.co.uk
Ronnie:
Sorry for the delay in responding. To be honest, I'm not sure
how to do
this. 8(
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"Ronnie MacGregor" <[email protected]> wrote in message
news:[email protected]..
> Hi folks
>
> Using PHP/MySQL to allow the logged in user access to
protected pages it
> seems
> that the default session which is established does not
time expire but
> remains
> valid for the duration of that browser session.
>
> What is the prescribed method for placing a time limit
on a given browser
> session?
>
> Thanks in advance for any pointers.
>
> --
> Ronnie MacGregor
> Scotland
>
> Ronnie at
> dBASEdeveloper
> dot co dot uk
>
> www.dBASEdeveloper.co.uk
>
>
>
Similar Messages
-
How open multiple responsibilities in the same user login session in R12 ?
Dear All,
Can anyone help me to know how to open multiple responsibility in the same user login session in R12 ?
Thanks..
Edited by: G-oracle on Sep 18, 2011 11:22 AMCan anyone help me to know how to open multiple responsibility in the same user login session in R12 ?What do you mean by open multiple responsibilities in the same session? You can only see the menu of one responsibility at a time, so how to do you expect the application to let you see multiple responsibilities/menus in one session?
You could open another session and this way you can access more than one responsibility at the same time.
Thanks,
Hussein -
Limit user login in multiple RODC
I have 2 RODC and a RWDC.i prepopulate some password on RODC1 And Some on RODC2 cache database. i already read this article http://www.frickelsoft.net/blog/?p=232
I want to limit user login in multiple RODC.(for example user1 can not login to os in different RODC).
So i want to know is there is a way to limit user to login just from its RODC cache database not RWDC active directory?(i want user in RODC1 cant not login to RODC2.How can i do this?)Hi,
Do you want to restrict users from logging into a client computer that belongs to another site? Or do you want the users to get authenticated only to the RODC's where their credentials cached?
If you configured your sites and services properly the clients will choose the DC belongs to their own site and subnet. DC locator is the service name which is responsible for assigning a logon DC to the client.If the DC's are in different sites you
can configure the sites and services to point the client to correct DC in a site. AD authentication always distributed based on the sites and services you configured.
You can configure ldapsrv records to authenticate against specific DC.
RODCs do not register Domain Name System (DNS) general records (records that are associated with the domain itself and not with a specific site), as read/write domain controllers (RWDCs) do. This is the default behavior of RODCs. Although you can tune an
RODC to register DNS general records, we recommend that you not change the default behavior.
The main impact of RODCs not registering DNS general records is that a client computer cannot find an RODC in its site without reaching an RWDC (that is, a domain controller that registers the general records) if the client computer does not have a record
for the name of the site where the client computer is placed.
Source: Placing Several RODCs in the Same Site
http://technet.microsoft.com/en-us/library/ee522995(WS.10).aspx
Domain Controller Locator : an overview
http://blogs.technet.com/b/arnaud_jumelet/archive/2010/07/05/domain-controller-locator-an-overview.aspx
LdapSrvWeight & LdapSrvPriority
http://blogs.dirteam.com/blogs/carlos/archive/2006/05/10/How-to-lessen-your-PDC_1920_s-load.aspx
http://technet.microsoft.com/en-us/library/cc816793%28WS.10%29.aspx
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! -
Flash the system message every time when user login
Hi all,
My requirment is to diaplay the system message when user login for the maintenance purpose, In SM02 i created a message but it is not working for evary time login, It is displaying only one time, suppose i logoff and again loging message is displaying.
Please tell me how to display system message evary time when user login.
Thanks in Advance,
Thanks&Regards
RPHi,
To display system message every time when user login : use the
Enhancement SUSR0001
Short text User exit after logon to SAP System
You also get the Example Code here.
And the Documentation is :
Every dialog user passes through this function module after logon. Yo
can use this to execute individual customer checks here and send
messages to the user.
Do not log off the user and also try to avoid too many dialog boxes.
Regds
Suman -
Hi
I'm not really sure if this is the right forum to post this question, but here it goes...
I would like to limit the sso sessions per user meaning that if a user logged in, throught a browser, to an application and if he opens another browser window, and tries to access the same application, instead of being redirect to the login page, he would be told that he already logged in!
I hope that I made myself clear
Thanks in advanced
Vitorwe had the same need but according to Oracle, this functionality is not integrated into the tool.
It could be done by programming (table WWCTX_SSO_SESSION$) but the user must disconnect himself properly from the application. If not (browser crash by example, ...), he will not be able to reconnect before a timeout (8 hours by default).
Regards,
Nicolas Stiévenard -
COuld anyone tell me how to find out the last time a user login into the application in Oracle eBusiness 11i? I hav ebeen audited and need to receive that data for my auditors ?
ThnxHi,
See this thread, it should be helpful.
USERS CONNECTED
Re: USERS CONNECTED
Regards,
Hussein -
Aironet - PI21AG PCI Adaptor - No Computer Auth before user login
Hi
I am running PEAP-MSCHAPv2 , all Clients are Windows Xp SP2 on an AD domain and all clients have wireless configuration assigned via Group Policy.
All machines except for 10 machines running the PI21AG PCI WLAN adaptors are able to authenticate using their computer account to the WLAN , allow login scripts , policy assignment etc to function prior to the use logging into windows. If you log in with a cached domain account , the machine will associate to the WLAN using the user account after login however scripts do not run and users who have not logged in before are unable as the PC has no network connection at the time of user login.
Affected machines have been rebuilt , settings applied manually, different driver versions have been applied, "Always wait for network" has been enabled in Group policy and registry keys have been mdified to extend timeout before policy assingment. Nothing so far has worked.
I am running the latest driver, all clients are using the XP Wireless supplicant and have common configuration. All machine including notebooks using the CB21AG PCMCIA adaptors can successfully authenticate using machine authwntication prior to user login.
I have noticed from looking at my WLC's that during boot and prior to user login that the affected machines probe for association , howver they never enter an authenticated state.
No authentication attempts passed or failed are seen in the RADIUS logs.
Any help or suggestions would be greatfully apprciated.
May Thanks
LeonThanks for the reply.
As stated I had PEAP conifgired correctly and many clients achieved the functionality that I was after.
The issue was specific to the Cisco PCI WLAN Adaptors , and after many hours on the phone to the TAC it looks like a change in driver version and a re-image of the customers SOE resolved the issue in the end. -
Limit a Windows 7 machine to 1 user login at a time
I've searched everywhere for a solution to this but have not found anything outside of restarting the machine.
I need to limit a Windows 7 computer to only allow one user logged in at a time. This machine has applications only allow one user to run them at a time. So if a user locks this machine and walks off and if the next user switches user and logs in, none of
the programs will work because the first user's session is now suspended.
Is there anything that will kick the suspended user off? So if a user forgets to log out and the screen is locked, the second user's login would force the first user to log off?I know this was 1.5 year ago, but people search the web for these solutions for years and for years these solutions continue to help others, but not when people are so very much OFF TRACK with what the OP asked for. It shouldn't surprise me, but it is astounding
at how people do not communicate well and instead of reading what the OP asked for carefully the proposed answer here does NOT address the OP's question... it got the "BREEZE BY ANSWER".
NOW - TO the OP Cherickson HERE's the BEST answer I've been able to determine on my OWN since ALLLLLLLLL of the other posts online I read ALSO were answered OFF TOPIC:
DISABLE FAST USER SWITCHING (speaking from a Windows 7 environment)
Here's the GPO to do it (Open Group Policy Management Editor on a DOMAIN or Active Directory server):
Default Domain Policy [ServerNameHere] > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
Set Hide entry points for Fast User Switching to Enabled.
FOR non-DOMAIN non-Group-Policy controlled PC's use "Local Group Policy Editor" via gpedit.msc
(NOT NOT NOT "Local Security Policy" via secpol.msc) and visit:
Local Computer Policy > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
Set Hide entry points for Fast User Switching to Enabled.
Now, to be "EXACTING" here, this does not "PREVENT" multiple users from logging into the same PC at one time "per say", but it ends up having that effect on "PEOPLE" because "PEOPLE" are very predictable
in a network environment and they aren't worried about saving PC resources for themselves or others... they just use the PC.
Setting Hide entry points for Fast User Switching to Enabled REMOVES the option for users to "SWITCH USER" while they are logged into Windows (fat client) and it also removes the "SWITCH USER" from the Welcome/Logon screen,
thereby forcing them to "LOG OFF" themselves (or whomever is logged in) manually and thereby then they are presented with an option to Log In using their own Windows user account. This is great, because it keeps the PC resources for just 1 logged
in user at a time instead of you being called to examine a slow PC only to find that the lazy users out there left 2 or 3 or MORE users logged in at once despite being told 100 times or more that they shouldn't do that. :) EXPERIENCE??? :)
Now, if you have an advanced user, doing things with other users logging in the background of their own user session (IE: RUN-AS on some shortcut lets say) then they should still be able to do all that jazz too even though Fast User Switching is turned off.....
but this is usually pretty unlikely and usually that would be someone amongst the IT staff.
So to summarize:
Set policy "Hide entry points for Fast User Switching" to Enabled in order to have only 1 user logged on any given PC "at one time" - IE: Prevent concurrent Windows user Logins
NOW.... I elect MYSELF and MY ANSWER as BEST ANSWER in this THREAD, because its the ONLY ANSWER that addresses the OP's request. -
Limit user session in ADF security
I want single user work in web application only with a single session at any time. How can I limit user sessions?
Hi,
+1. How can I override ADF security (based on JAAS) credentials checking mechanism j_security_check ?+
Why do you want to override this?
+2. How can I store users log-in log-out information in database? Which classess and which methods must be overriden? Can you show code sample of your realisation, please?+
Authentication is not handled by ADF but WebLogic Server. If you want to track database login information you will need to write a custom JAAS Login Module and configure it as an authentication provider in WLS
How can I check if user closed browser?
I would use a temporary cookie with no lifetime. This way, when the browser is closed, the cokie is unavailable, indicating that the user is good to login again. However, this then allows users to start 2 sessions using different browsers (again something you would need to check)
Frank -
Limiting user login time with logoutd
Hi, I wish to limit the time a user uses his session, and I found that the "logoutd" daemon can accomplish this, however, I could't manage to find the syntax rules for configuring it, it uses the next config file:
/etc/porttime
Any Ideas?
=======================================================
Edit: I found out how to use it in the man page:
man porttime
pretty simple
========================================================
Hum, I did what the man page said adding a line for the /etc/porttime with the config I wanted, however I can still login, heres my conf:
*:loise:Al1900-2100
I want that the loise user can only login from 7PM to 9PM everyday, and that the rest of the users can login at anytime. What should I do?
Last edited by LTSmash (2008-03-16 20:40:19)Chris,
Thank you for your response.
I am using Firefox version 2.0.0.20. When I add the security component into my ADF application, I just take whatever it has by default without any customization. That includes default login.html and error.html. Here is my experience,
1) Execute my starting task flow activity inside the JDeveloper. This will invoke a new login page in my default browser Firefox.
2) Login the application with user "abc" and do something. Keep this session open.
3) Open another Firefox browser and enter login URL. and then Login the application with user "xyz" (or even "abc"). I got the error page.
To me, it should be basic web application behavior. I can do things like this in other J2EE application. This one doesn't make sense at all. I am not sure if this is the behavior I would see when I deploy it to a standalone WLS.
Any ideas?
Thanks,
John -
How can I restrain the user login portal once, in the same time ???
Hi
I need to restrain the user can't repeat to login portal ....
to reduce portal loading
How can I restrain the user login portal once, in the same time???
Which attributs in Identity Manager or amconsole I can do it to restrain the user ??
tksDoes your portal support anonymous access? If so, make sure you are using the authlessanonymous mode. This mode only creates one session that is shared for all anonymous users. This is much more efficient than anonymous access, which creates a session for each anonymous user.
I have no other recommendation for limiting users to a single login. In general, web applications do not behave like this. What if a user closes their browser without logging out? Does the user have to wait until the session times out in order to log back in again?
The same thing is true for users that are mobile. If a user leaves their office without logging out and then attempts to log in with a laptop in the conference room, then access will be denied in your implementation. Users do not expect this type of limitation being built into the system.
If you are having problems scaling, then you need to look at your architecture and perhaps add some more resources. Also, make sure you are making efficient use of the authlessanonymous access mode as stated above.
- Jim -
How to restrain the user login portal once, in the same time??
Hi
I need to restrain the user can't repeat to login portal ....
to reduce portal loading
How can I restrain the user login portal once, in the same time???
Which attributs in Identity Manager or amconsole I can do it to restrain the user ??
tksDoes your portal support anonymous access? If so, make sure you are using the authlessanonymous mode. This mode only creates one session that is shared for all anonymous users. This is much more efficient than anonymous access, which creates a session for each anonymous user.
I have no other recommendation for limiting users to a single login. In general, web applications do not behave like this. What if a user closes their browser without logging out? Does the user have to wait until the session times out in order to log back in again?
The same thing is true for users that are mobile. If a user leaves their office without logging out and then attempts to log in with a laptop in the conference room, then access will be denied in your implementation. Users do not expect this type of limitation being built into the system.
If you are having problems scaling, then you need to look at your architecture and perhaps add some more resources. Also, make sure you are making efficient use of the authlessanonymous access mode as stated above.
- Jim -
Hi all,
we can get get the user login time using
*@{session.loginTime}*
But my requirement is to get the last login time ie., Previous login time.
How to achieve this.
Thanks,
Haree.Hi MK,
Thanks a lot for your response.
I am not aware about that. Can you please explain me in brief.
Possibly if you have any document related to it please share with me.
Thanks,
Haree. -
Session creation at the time of Form Login
I enabled my session params to manage weblogic session management in Properties file. I'm using LDAP Realm as a Users/groups repository for credentials checking. I'm using form authentication(weblogic.servlet.security) API to check my credentials. Here I'm facing few problems. I'm not using ACL's for user login. Only form based authentication I'm using for users login to app.
1. The weblogic is creating the session in the first request itlself... i.e. At the time of invoking form.jsp file itself the session has been creating. But I want after authentication only the session should be created for that user.
2. After the session has expired it's not giving any exception. Simply it's creating new session object for that user. How to capture that session time out to display my custom form to specifies that your session has been timed out and try to relogin.
Could you please come up with your suggestions how to achieve this..
I will certainly waiting for your reply as it's blocking my dev work.
regards,
chandraChandra,
The session has little to do with authentication. Rather, it provides a
means to correlate a series of otherwise random HTTP requests by determining
that the requests are all coming from the same inferred user agent (e.g. all
from the same browser instance).
When the user attempts to access any resource, the server (WebLogic) checks
to see if the resource is secured, which is to say that the user must have
specific permissions to access that resource. When such a resource is
requested, and the user has not been authenticated, then the server (in the
case of form based authentication) will send the user a login form. Once
that form is completed successfully (the user is authenticated), the user is
given the originally-requested resource, assuming of course that the user
has such a permission.
It is possible to determine when the session is new (HttpSession.isNew) and
it is possible to determine when it dies (using a session binding listener).
However, it is not possible to drive the client from the server, which
appears to be what you are asking.
It is possible to determine when the user tries to log in. This is
accomplished by replacing J_SECURITY_CHECK with your own servlet call, then
forwarding to J_SECURITY_CHECK.
It is possible to provide the authentication means, which is to say the
actual mechanism by which WebLogic determines if a user exists and if their
password is correct. This is a realm; a good example is the RDBMS realm,
for which source is included in WebLogic 5.1.
Peace,
Cameron Purdy
Tangosol, Inc.
http://www.tangosol.com
+1.617.623.5782
WebLogic Consulting Available
"chandra" <[email protected]> wrote in message
news:[email protected]...
>
I enabled my session params to manage weblogic session management inProperties file. I'm using LDAP Realm as a Users/groups repository for
credentials checking. I'm using form
authentication(weblogic.servlet.security) API to check my credentials. Here
I'm facing few problems. I'm not using ACL's for user login. Only form based
authentication I'm using for users login to app.
>
1. The weblogic is creating the session in the first request itlself...i.e. At the time of invoking form.jsp file itself the session has been
creating. But I want after authentication only the session should be created
for that user.
>
2. After the session has expired it's not giving any exception. Simplyit's creating new session object for that user. How to capture that session
time out to display my custom form to specifies that your session has been
timed out and try to relogin.
>
Could you please come up with your suggestions how to achieve this..
I will certainly waiting for your reply as it's blocking my dev work.
regards,
chandra -
Login Date/time & Logout Date/time of User in apex
Hi,
Is there any apex internal table/view where I can get the Login Date/time & Logout Date/time per user ?
Regards,
BenzBenz wrote:
Is there any apex internal table/view where I can get the Login Date/time & Logout Date/time per user ?No APEX version = no definitive answer...
APEX 4.1 offers:
<li><tt>APEX_WORKSPACE_ACTIVITY_LOG</tt>
<li><tt>APEX_WORKSPACE_ACCESS_LOG</tt>
Access these through Home > Application Builder > Application > Utilities > Application Express Views
See: Creating Custom Activity Reports Using APEX_ACTIVITY_LOG
Note that the underlying logs are purged on a regular basis, so for the long term you need to copy the data to your own tables.
Home > Administration > Monitor Activity provides reports based on this data.
APEX 3.0 has Home> Application Builder > Application > Application Reports > Activity > Page Views by Session which is probably closest to what you're looking for. Can't find this so far in APEX 4.x: presumably superseded by the Home > Administration > Monitor Activity > Page Views > By Interactive Report option?
Note however that the concensus among the wise is that accurate "logout" statistics with APEX (or any browser-based system) is impossible. How many users actually logout using using a method that triggers a capturable event at the actual time they stop using the system? How many are going to close the current browser tab? Or the entire browser window? Or press Cmd-Q? Or click a bookmark for a different location? Or type "p0rn" into the Search box? Or switch to another window and spend the rest of the morning reading Twitter? Or shutdown the machine? Or run out of battery power? Or lose their wifi connection? Or get timed-out during the fire drill? Or go home for the night after locking their PC with everything still running? Or...
Maybe you are looking for
-
My ipod touch wont let me download apps it keeps saying waiting
I have downloaded apps earlier in the day and then all of a sudden after i disconnect my ipod from my computer it wont let me download anymore apps. Is there any way i can fix this?
-
How can I reset my security settings. I forgot the answers and now I cant reset them without knowing them. I am in a loop
-
MacBook losing network connection
I realize this may be a wireless problem...maybe a hiccup somewhere in the network, but I have random laptops (10.6.4 - but this occurred in prior versions of the OS - so it's clearly not an OS specific issue?) that lose their connection to the wirel
-
OS X 10.3 Boot Problems
I have an iMac G3 333 - tray load. I've got 256mb of ram in it and I just received a set of 10.3 installation disks - the black label ones - 4 in the set. My firmware is also at least v3.0, if not 3.0.1 or something like that. The original HDD was 6g
-
ACS 4.2 Database replication issue
Hello Experts, Hope you are all doing well. I need your help in ACS database replication, I want to do replication between ACS servers. The issue i am facing is that there is no error in ACS replication log. It just says outbound replication started.