Tomcat Session Management
Hello.
I have a question about how Tomcat performs session managment that I can't quite seem to find an answer for.
When you put data into a session, such as a logonid, is the session data sent back to the client and stored in the cookie, or is it kept on the server side (in memory?) and accessed via the sessionid when the user returns? If you use WebScarab or achilles to watch the traffic, it doesn't appear that the data goes back to the client. (Which is a good thing for security). Just wanted to confirm that.
Thanks very much.
I'm not sure but I think the listener is only called when a user session is Created or Destroyed.
What we did:
1. on Create, stored the newly created user session in a vector in the Application Session.
2. on Destroy (User session timeout or user logs off), remove the session from the vector.
We maintained the list to see who was online and too see when they last made a server request:
long last_access_x_seconds_ago = System.currentTimeMillis() - userSession.getLastAccessedTime();The userSession comes from the vector list in the application session. The method getLastAccessedTime(); is a default session method, there are some others that you might find useful...
HTH.
ps. My nick/name is Munyul ... HTH = Hope This Helps :p
Similar Messages
-
Hi,
We have a system that is currently undergoing scalability and performance tuning and we are having a problem with sessions randomly expiring.
Here is our setup:
Tomcat
LoadRunner launching 20, 50, 100, 150, 200 users against the server
(within a few mins of eachother)
Thick client application (signle signon)
As per the business requirement created the scripts with single sign on, however in vugen
the scripts works fine. During the load test noticed that after few mins approx 7 mins started
getting the error.
Recording captured: Xml request and response
Correlation: serverid (ex. 2142) login transaction
Script details:
Login (serverid)
Action repeat iteration till the execution (replacing the serverid throught the script)
Logout (replacing the serverid throught the script)
But manually looks all fine the user can use the same one login throught the day without any expiration.
Note: while the user gets login a jsessionid 12BDE39384940483HDFFKDH.1 created but the loadrunner unable to record anywhere in the script.
Quick response will be appreciated.
If you need any additional information please let me know.
Regards,
Suresh.I'm having the same problem, did you get any luck with this ?
Thanks -
Session management in URL reporting
Hi,
I have problems with the session management while calling reports from our own web-app.
We host our reports (.rpt) on a CrystalReportsServer 2008 running on a Tomcat. This CRS is configured with 20 CAL (ConcurrentAccess Licences).
On the other side, our Intranet, running on another Tomcat.
Our Intranet provides UI allowing users to determine the parameters that will be passed to reports. For some reasons we do not want to use InfoView now but keep using our own UI to call reports. The idea was then to call them through OpenDocument (or viewrpt.cwr) passing parameters in the URL.
In our Web-app, I authenticate the user to the CRS, retrieving an IEnterpriseSession. I then get a token for my calls to OpenDoc. But then, each time I call OpenDoc, a new CAL is picked out. Even if I logoff, only one CAL (the one belonging to my IEnterpriseSession) is given back.
As our users often open and close lots of reports, we run very quickly out of CAL, although the reports are now closed and the user gone.
I thought using a token would have allowed us to consume only 1 CAL per user, using the same CAL for the different calls.
Is my reasoning wrong or is it my code..?When creating the token , use "CreateWCAtoken" function this will not increse the session count in CRS.
You might be using CreateLogonToken function
Arguments passed to these two functions are same. -
Session management in JAX-RCP with JWSDP 1.0_01
Hi all,
How can I access to the HTTP Session of the TOMCAT which run the Web Services engine?
Browsing by the API I've found the method getHttpSession() in the interface javax.xmlrpc.server.ServletEndpointContext.
How can get an instance which implements this interface?
Regards,
C�sar.An old thread but I have a question re session management and web services.
The documentation for ServletEndpointContext says getHttpSession returns null if there is no HTTP session currently active and associated with the service endpoint. It further says the endpoint class should not rely on the HTTP session always being there.
I need to ensure a session is active after a user successfully logs in. Other than spending alot of time implementing session management myself its the only way to tell whether the service requestor is allowed to use the service. Is the session not guaranteed to be active to take account of things like session timeout? Under normal circumstances where the user is sufficiently active to prevent timeout is it reasonable to assume the session will be there? -
Web Services and session management
Hello,
I am building an application using tomcat and axis2 for ws support. Is there any (standard, preferably) way to maintain session information accross multiple soap invocations? Or maybe even manage the sessions by myself "logically" and send something like a header identifying the session key with each request?
Any comments would be appreciated,
ThxHi
Axis2 offers two ways of doing session management. The first way uses a cookie. You need to specify scope="transportsession" in your services.xml, and ensure that cookies are enabled.
The second way is not dependent on HTTP cookies, but uses WS-Addressing headers instead. It is scope="soapsession". If you use the Axis2 client then you can do this very simply use setManageSession(true) on your ServiceClient.
e.g. stub._getServiceClient.setManageSession(true);
If you use another client, you will need to get the header from the response message and add it to future requests yourself.
Can I suggest you move this discussion to [email protected] where all the axis2 experts hang out?
Paul -
JMStudio Error "Can not create session manager"
Hi,
I'm trying to transmit an mpg file through a simple pc to pc network, using the transmission wizard in the JMStudio, and everytime it causes a "can not create session manager" error, even when I try to transmit .mp3 file
I'm using an ip like 100.100.0.1 for the sender machine, and 100.100.0.2 for the receiver machine, and I don't know where is the problem
thanks in advanceUm,maybe the port that you use for transmission is already occupied.
Make sure that you are not using JMStudio to transmit streams while trying to receive streams from the same port. -
What is new with MAX 2.0 and is it compatible with Session Manager?
We added non-IVI instrument information in, basically the same structure as for IVI instruments,
into the ivi.ini file to keep all instrument information in the same place. Using MAX Version 1.1 caused no problems whatsoever and the system worked fine. With the advent of MAX 2.0 you seem to use ivi.ini as well as config.mxs to store instrument information. What we have found now is that given a working ivi.ini file from MAX 1.1, we end up with 2 or 3 copies of all the devices in the IVI Instruments->Devices section! When the duplicate entries are deleted and the application exited, the
ivi.ini file is updated minus the [Hardware->] sections which contain the resource descriptors that our appl
ications look for. As an added complication, under MAX 2.1 (From an evaluation of the Switch Executive) It behaves the same, except that it almost always crashes with one of the following errors. 'OLEChannelWnd Fatal Error', or 'Error#26 window.cpp line 10028 Labview Version 6.0.2' Once opened and closed MAX 2.1 will not open again! (Note we do not have LabVIEW on the system.) What is the relationship between the config.mxs and ivi.ini now? Also, your Session Manager application (for use with TestStand) extracts information from ivi.ini and may expect entries to be manually entered into ivi.ini (e.g. NISessionManager_Reset = True) i.e. Is the TestStand Session Manager compatible with MAX 2.0?Brian,
The primary difference between MAX 1.1 and 2.x is that there is a new internal architecture. MAX 2.x synchronizes data between the config.mxs and the ivi.ini. The reason you're having trouble is that user-editing of the ivi.ini file is not supported with MAX 2.x.
Some better solutions to accomplish what you want:
1. Do as Mark Ireton suggested in his answer
2. Use the IVI Run-Time Configuration functions. They will allow you to dynamically configure your Logical Names, Virtual Instruments, Instrument Drivers, and Devices. You can then use your own format for storing and retrieving that information, and use the relevant pieces for each execution. You can find information on these functions in the IVI CVI Help file located in Start >> National I
nstruments >> IVI Driver Toolset folder. Go to the chapter on Run-time Initialization Configuration.
I strongly suggest #2, because those functions will continue to be supported in the future, while other mechanisms may not be.
--Bankim
Bankim Tejani
National Instruments -
Session management problems with SSO
Hi all-
I've been getting an Apex app tied to SSO as a partner app (per http://www.oracle.com/technology/products/database/application_express/howtos/sso_partner_app.html). So far, it sort of works. If I go to my apex app, it redirects me to SSO, where I authenticate and end up back in the apex app. Great. Here are two problems I've run into:
1. If I am already authenticated to SSO, and I go to my apex app (url like: http://host/pls/apex/f?p=101:1), my browser goes into an infinite redirect (url like: http://host/pls/apex/f?p=101:1:::::FSP_AFTER_LOGIN_URL:\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|||||FSP_AFTER_LOGIN_URL|\f?p=101|1|||||FSP_AFTER_LOGIN_URL|\f? p=101|1|\\\\\\\\\\\\\\\\\\\). To resolve, I have to clear cookies.
2. If I am using my apex app, then log out of SSO (in another browser window), I can still click around in my apex app (i.e., apex thinks I'm still authenticated).
Anyone have any thoughts? I'm wondering if I need to do something in page session management (under authentication schemes) to fix #2, but I have no clue about #1.
Thanks
RobHi Scott-
Thanks for the info on #2 - I'll work on that after I get #1 sorted out, since it's the more dire problem. Here's some more info:
Apex version = 3.0.1.00.08
SSO SDK = ssosdk902.zip
I set it up as "My Application as Partner App." I used "MY_PARTNER_NAME" as SSO Partner Application Name. In the list of SSO Partner Apps on the SSO Admin page, my partner app name is also MY_PARTNER_NAME. It gives the following info:
Login URL: https://sso_host/pls/orasso/orasso.wwsso_app_admin.ls_login
Single Sign-Off URL: https://sso_host/pls/orasso/orasso.wwsso_app_admin.ls_logout
Home URL: http://apex_host/pls/apex
Success URL: http://apex_host/pls/apex/RBLICK.YOUR_PACKAGE.PROCESS_SUCCESS
Logout URL: http://apex_host/pls/apex
RBLICK is the schema owning the apex app. In there, I created a package called YOUR_PACKAGE:
create package YOUR_PACKAGE as
procedure process_success(urlc in varchar2);
end YOUR_PACKAGE;
CREATE PACKAGE BODY YOUR_PACKAGE AS
procedure process_success(urlc in varchar2) as
begin
wwv_flow_custom_auth_sso.process_success(
urlc=>urlc,
p_partner_app_name=>'MY_PARTNER_NAME');
end process_success;
END YOUR_PACKAGE;
Anything look obviously wrong to you?
Thanks!
Rob -
Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?
Any call made from the API will automatically be set to the “Session Timeout” period, no matter
what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
Short Session Timeout and Session Timeout in Excel Services
Short Session Timeout and Session Timeout in Excel Services - Part 2
Sessions and session time-outs in Excel Services
above links are from old version but still applies to all.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
Session management and java Web Service
Hi ,
Can I have two web services one based on Session bean and other on Simple java class, packaged into single ear file? Does NetWeaver supports web service session management/tracking? How can I get an handle to HttpRequest in my Web Service?
Any help will be appreciated.
Thanks in advance
regards,
rajinderContainer Managed Authentication. Does everything you need.
-
Firefox remembers history but doesn't remember closed tabs, sessions.
It happened after updating Fox to v. 19.0.2 on one computer.
In Firefox Options is set Use Custom Settings For History, everything is checked except Always Use Private Browsing Mode. So I am not in private browsing.
When I press on Undo Closed Button nothing happens & in session manager Save Session Button is greyed out. I've tried installing other add-ons that can remember tabs. tried to disable/reinstall these 2 add-ons. Did't help. On my 2nd computer I have same add-ons, same settings and they are working normally. on 3rd computer undo closed tabs works also. How to fix this? I decided to ask before doing Firefox Reset...
Sync is a separate problem. It works, but quite often it logs me out of Sync account. Then I can log in only using long recovery key and password (choosing option I don't have device with me because it does not accept keys for pairing device.)
Thanks for reading.I have exactly the same settings in Options (in both computers)
for history, these 2 add-ons and all other stuff in Options. The only difference is that on 1 pc sessions can be saved and closed tabs can be reopened, on other main pc they stopped to work. + no any other add-on that does similar things works on this pc.
It is also interesting that I can reopen closed visited sites from History Panel, but not by pressing the Button. For now I only manually bookmark links to a temporary folder.
Recently (some 2 month ago) I pressed x and Firefox closed all tabs without saving them without displaying save & quit pop up.
so I changed 4 settings in about.config
browser.tabs.warn on close true
browser.warn on quit true
browser.warn on restart true
browser.show.quit warning true
but the problem with sessions appeared only 1 week ago.
So I guess the problem is not with the History settings or other settings. Seems that something responsible for button or for storing info about tabs/sessions got corrupted. :( -
Session management in Info View with two different logins using single sign
There is a form with 2 user logins UserA and User B to redirect to infoview with sso in my application. I am able to go to each of the Infoview pages successfully but have the following problem.
User A logs in and infoview opens in a new IE window and sees his/her folders based on permissions and is able to do his/her work for the first time.
User B logs in andand infoview opens in a new IE window sees his/her folders based on permissions and is able to do his/her work for the first time.
<b>After a while when User A tries to access the InfoView in the previously opened IE Window, he/she gets an error message. An error has occurred: The object with ID 2519 does not exist in the CMS or you don't have the right to access it.
User B is able to continue his/her work. Who ever logs in the last, he/she is able to continue his/her work but the other one gets an error.</b>
<b>Please let me know on how to address this issue . I added logonToken and tried everything at my hand but no success. Is this session controlled by business objects or by the jsp page. What more changes are required for my jsp page to fix the error. Attached below are the form and the applogon.jsp snippets.</b>
<B> applogon.jsp</B>
IEnterpriseSession enterpriseSession = null;
Exception failure = null;
boolean loggedIn = true;
String redirectURL = null;
// If no session already exists, logon using the specified parameters.
if (enterpriseSession == null){
try{
// Attempt logon. Create an Enterprise session manager object.
ISessionMgr sm = CrystalEnterprise.getSessionMgr();
// Log on to BusinessObjects Enterprise
enterpriseSession = sm.logon(username, password, "cms", "secEnterprise");
}catch (Exception error){
loggedIn = false;
failure = error;
if (!loggedIn){
// If the login failed, redirect the user to the start page.
return;
}else{
// Store the IEnterpriseSession object in the session.
session.setAttribute("EnterpriseSession", enterpriseSession);
// Create the IInfoStore object.
IInfoStore iStore = (IInfoStore) enterpriseSession.getService("InfoStore");
// Store the IInfoStore object in the session using the helper functions.
session.setAttribute("InfoStore", iStore);
// Store the CMS name for later use.
session.setAttribute("CMS", "CMS");
// Create the IReportSourceFactory object.
IReportAppFactory reportAppFactory =(IReportAppFactory)enterpriseSession.getService("RASReportService");
// Store the IReportSourceFactory object in the session using the helper functions.
session.setAttribute("ReportAppFactory", reportAppFactory);
// Retrieve the logon token manager.
ILogonTokenMgr logonTokenMgr = enterpriseSession.getLogonTokenMgr();
String logonToken = logonTokenMgr.createLogonToken("", 60, 100);
String infoViewURL = null;
String tokenParam = null;
infoViewURL = "/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do";
tokenParam = "token=" + logonToken;
redirectURL = infoViewURL + "?" + tokenParam;
// Retrieve a logon token and store it in the user's cookie
// file for use later.
Cookie cookie = new Cookie("LogonToken", logonTokenMgr.createLogonToken("", 60, 100));
response.addCookie(cookie);
// Store the logon token for later use.
session.setAttribute("token", enterpriseSession.getLogonTokenMgr().getDefaultToken());
// Redirect the user to the relevant tutorial page.
out.println("You have been logged on to Enterprise.");
response.sendRedirect (redirectURL);
Thank You for your help// Retrieve the parameters that the user entered into the logon fields.
<b> user name and password come from here from the above html form into the jsp here. Ted Is this what you are asking for where does the username and password come from
String username = request.getParameter("user");
String password = request.getParameter("pass");
</b>
IEnterpriseSession enterpriseSession = null;
Exception failure = null;
boolean loggedIn = true;
String redirectURL = null;
ISessionMgr sessionMgr = null;
// If no session already exists, logon using the specified parameters.
if (enterpriseSession == null){
try{
// Attempt logon. Create an Enterprise session manager object.
sessionMgr = CrystalEnterprise.getSessionMgr();
// Log on to BusinessObjects Enterprise
enterpriseSession = sessionMgr.logon(username, password, "appserver.abc.com", "secEnterprise");
System.out.println("line61");
}catch (Exception error){
loggedIn = false;
failure = error;
if (!loggedIn){
// If the login failed, redirect the user to the start page.
return;
}else{ this code is in my first post -
Hi All,
I have a problem regarding java session management.
i have created one web application in which i want if user login from one browser instance and opens another instance of same browser and logs in from that then user should be logged out from previous instance. I am using Mozzila 5.0.
Here is what i am doing while creating session in LoginServlet.java
session = request.getSession(false); //return session if already exists
System.out.println("Session object: "+session);
if(session != null)
System.out.println("Session ID Old: "+session.getId());
session.invalidate(); //invalidate the session if already exists
session = request.getSession(true); //Create new session
System.out.println("Session ID New: "+session.getId());
Second and third System.out.println() statements giving the same session id.
This way only the information stored in session when user was logged in from first instance of browser is replaced with the new information stored when the user logged in from second instance of browser, but the user is not logged out from the first browser instance.
Please help me out how i can log the user out from first instance if he logs in from second instance.
Thanks in advance...Since user in logging again from the same machine so i think invalidating the previous session won't work.
Suppose user opens first instance of the mozilla browser and login as say 'ashok' whose role is normal user now he opens another instance of mozilla by clicking on executable and login as 'mitch' whose role is admin then after successful login of 'mitch' on first window mitch's menus items are getting displayed instead of ashok's.
What i am doing is,
While creating new session on login i first check is any existing session available in above case its true
session = request.getSession(false); //return session if already exists
System.out.println("Session object: "+session);
if(session != null)
System.out.println("Session ID Old: "+session.getId());
session.invalidate(); //invalidate the session if already exists
session = request.getSession(true); //Create new session
System.out.println("Session ID New: "+session.getId());
so control will go inside the if block, here i first invalidate the existing session (this is not destroying the session but only unbinding the information that was stored in the session) and create new session (this is returning the same session which was already exists) and save mitch's information. Since the previous instance was using the same session that will now get the mitch's information so now both instances will show the mitch's information.
I am not getting any way to destroy the existing session so next time new session id will get generated. -
Coherence integration with oracle weblogic portal for Session management
Could you please let me know how to configure coherence integration with oracle weblogic portal for Session management. Its very urgent. please help.
Please take a look at the following web page -
http://coherence.oracle.com/display/COH35UG/Coherence*Web+Session+Management+Module
-Luk -
Win 7
Firefox 5
Problem with high memory use.
restarted
Plugin buttons gone from toolbar/
Missing plugins still show in plugin manager but buttons missing from toolbar add buttons pane.
Tried reset toolbars - no difference.
Tried re-instal of Firefox 5 - no difference except:
Session manager offers correct session on startup but starts with last sessionIn case you are using "Clear history when Firefox closes":
*do not clear the Browsing History
*Firefox > Preferences > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
*https://support.mozilla.org/kb/remove-browsing-search-and-download-history
Note that clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, passwords, and other website specific data.
You can check for problems with the sessionstore.js and sessionstore.bak files in the Firefox profile folder that store session data.
*Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
*http://kb.mozillazine.org/Profile_folder_-_Firefox
*http://kb.mozillazine.org/Multiple_profile_files_created
Deleting sessionstore.js will cause App Tabs and Tab Groups and open and closed (undo) tabs to get lost and you will have to recreate them (make a note or bookmark them if possible).
Maybe you are looking for
-
Can windows Vista use TC for backup
I have two macs using TC and I also have a windows Vista laptop I would also like to get on time machine for backup. I can get on the drive to store files and get files but I can't get it to show up as a valid drive on the network for my backup softw
-
How to upload a video on adobe muse cc, if it's not from youtube
Hi! I have a question about how to upload a video onto my Adobe Muse CC site? The thing is I want to upload it from my computor, not from youtube. I believe it's possible to realize, but I need help to find out how.. Anyone had this kind of question
-
Has anyone batched Raw files on a MBP. The last wedding I shot (First all digital) I batched 350 Raw files in Capture One Pro on a 800mhz eMac, it took 38 hours. I shot with a borrowed Nikon D1X. That is not the way I want my next shoot to go. So I b
-
I am throughly confused about what I need, so I'm sorry, I'm sure this thread is a duplicate of several that are out there, but most of it seems to talk over my head. I have a VERY old version of Adobe Acrobat (version 5.0, yes gasp in horror). I ha
-
I am going to buy a new g5. Not sure which one yet. My question is this: I have a computer desk with a slot near the floor for the computer to set, will the computer over heat in the slot? There is an opening in the back for air to flow out and the f