Unique Session IDs in Appserver 7.0 ?

Similar Messages

• Database Session IDs

  I've tried finding an answer and it seems simple enough but I was wondering if anybody could help with the following:
  -It might help that what I have in mind is creating a staging table that stores a session id and a couple other columns. A final procedure is called in the end that takes the data from the staging table and inserts into another based on the session id and another column and deletes it from the staging table. I'm a little concerned that that if an error occurs in one the prior procedures that data will not be cleaned up. My thought was to create a shell script that ran every so often that will remove any entries deemed to be over a certain time limit. However, it got me thinking about sessions ids and if it is possible that a session id could be used again. It would cause a problem if the there was an error and the script hadn't run yet and the session id was reused again. Therefore my questions below.
  Are Session IDs unique?
  Are Session IDs reused?
  If so, is there a general rule of thumb of how frequently they could be used again?
  Any help would be appreciated.
  Thanks

  First, what, exactly do you mean by "Session ID"?
  If you mean SID (from v$session), yes, SIDs are reused all the time. The combination of SID and SERIAL# from V$SESSION is generally unique enough. It will be reused, but on a much longer time scale.
  If you mean SYS_CONTEXT('USERENV','SESSIONID'), the auditing session identifier, that should be unique assuming it is populated (it is not populated for SYS sessions, for example).
  If you mean something else, you'll have to be a bit more specific.
  Justin

• Unique Session ID in XSLT

  Hello SND-ers,
  Iu2019m having a little difficulty figuring out how to obtain the GUID or another unique session ID to place in field u2018SeqNumu2019.  This XSLT creates a custom soap envelope around a payload and Iu2019m using this in an operation mapping in PI 7.1.  I need to place a unique session ID in that u2018SeqNumu2019 field, but havenu2019t figured out how to do this yet.  I didnu2019t know if there was a specific PI namespace that I could reference similar to the date/time example in the code below.  Any help or guidance would be very much appreciated.  Iu2019ve only included the top portion of the code to be clear in my request.
  <xsl:stylesheet version="2.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsa="http://www.w3.org/2005/08/addressing"
  xmlns:date="http://exslt.org/dates-and-times">
       <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
       <xsl:variable name="Date" select="date:date()"/>
       <xsl:variable name="Time" select="date:time()"/>
  <!unique id for the session - this can be the existing session id or guid>
       <xsl:param name="SeqNum" select=u201D<requestedvalue>u201D/>
  I tried finding a reference library of some sort that may contain this information, but so far have been unsuccessful.
  Thanks,
  Jason
  ps - as another side request, is it possible to pull the hostname or MAC address of the server to place that in the XSL as a dynamic value?
  Edited by: Jason Ray on Aug 14, 2009 5:53 PM

  >
  Prateek Raj Srivastava wrote:
  > Have you also added the following statements?
  >
  xmlns:map="java:java.util.Map"
  > <xsl:param name="inputparam"/>
  > and
  > <xsl:variable name="dynamic-conf" select="map:get($inputparam, 'DynamicConfiguration')" />
  >
  > Regards,
  > Prateek
  i have not added that code because i do not wish to pull in the payload of the message quite yet.  i'm creating a wrapper for it in the XSLT instead.  I'm interested in the GUID or the message ID and placing that value in a field in the XSLT.  I hope this makes sense.  Below at the bottom i've included more of the message to show what i'm trying to do.
  >
  Russell Darr wrote:
  > These runtime constants can be accessed using the sample xslt below:
  > http://help.sap.com/saphelp_nw04/helpdata/en/73/f61eea1741453eb8f794e150067930/content.htm
  >
  > <?xml version = "1.0" encoding = "utf-8"?>
  > <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  >
  >   <xsl:param name="MessageId"/>
  >
  >   <xsl:template match="/">
  >      <msgguid>
  >        <xsl:value-of select="$MessageId"/>
  >      </msgguid>
  >   </xsl:template>
  >
  > </xsl:stylesheet>
  >
  > Regarding getting the MAC, I would create a small java class and call it as a function.  Might as well do the same to get the host name.  You can try to get it from a system property if you find one which will work.  For example:
  >
  >             <user>
  >                <xsl:value-of select="system-property('user.name')"/>
  >             </user>
  >
  >
  > Thanks,
  > -Russ
  This is more along the lines of what i'm trying to do.  I saw the runtime constants before and i do believe that the MessageId is what i need.  The issue is that when i add in the syntax from the example it fails stating that the stylesheet cannot be compiled.  Below is the code after I removed the sensitive information and cut a lot of the unnecessary code to simplify:
  I feel I need to add a namespace for the MessageId declaration, similar to how Iu2019ve declared the u2018dateu2019 namespace and referenced functions for the date and time.  Is this true, or is that not needed?
  Iu2019ll also see if I can figure out how to incorporate a small java class for the retrieval of the hostname and MAC.  For now Iu2019ll be sending a static value since the required field just wants a unique ID for the source system.
  Edited by: Jason Ray on Aug 19, 2009 5:46 PM

• Unique session key  weblogic portal 9.2

  Hi,
  Is there a way I can generate unique session key to ensure correct session is tracking between every desktop with different user.
  Is this right way to handle session in weblogic portal 9.2?

  Hi
  what exactly do you want to do? A session does have an id which is guaranteed unique while the server is running (you dont need to do anything special for this). HttpSession.getId.
  Note However normally this value gets stored as a cookie on the browser (with the default name of JSESSIONID) and you must ensure that different webapps on the same domain dont overwrite this value
  regards
  deepak

• Do we need unique program ids for different SAP Channels

  Hi All,
  I am using different channels for receiving SalesOrder and Invoice idocs from SAP system. Wanted to confirm if we need unique program ids for each SAP channel or a single program id can be configured in SAP GUI to receive both idocs. I am using SOA 11g.
  Regards
  Subhankar

  Unique program id for each type of IDOC is preferred per each channel
  IDOC Type 1->Programid1->Channel1
  IDOC Type 2->Programid2->Channel2
  Manoj

• Is it possible to get a unique session per browser window?

  I'm playing with the idea that each browser window may have it's own unique session.
  So, if I have two or more IE browsers open and I point each one at my web site, I want each window
  to maintain their own session id. Same if I have two or more Firefox browsers open, etc ...
  I see a sesion id is stored in the JSESSIONID cookie. It seems browsers of the same make share this cookie.
  So, you cannot keep sessions separate. Is there a way to get around this?
  Why do these sessions need to be shared across browser windows of the same make?

  Oh! Unfortunately, cookiepie is not what I'm seeking.
  How about managing the session without the JSESSIONID cookie?
  Can't the session id be put in the url? Is that a security risk? Even for https?

• How to invalidate session ids

  dear all ,
  Any knows how to invalidate the session ids .
  Ex . Server maintains maintains many client session ids
  I want invalidate those client session ids ,,,'

  There are several cases when a session is invalidated:
  1. when the time specified in web.xml elapsed (session-timeout tag) - this is specified for the entire server
  2. when using session.setMaxInactiveInterval. specs:
  "Specifies the time, in seconds, between client requests before the servlet container will invalidate this session."
  3. when you call session.invalidate() specs: " Invalidates this session then unbinds any objects bound to it." With this, the session is immediately invalidated.

• J2EE session variables & Non Random Session IDs

  Our server keeps failing our PCI compliance test due to the Session ID's being non random.
  Description: Web Server Uses Non Random Session IDs       Synopsis: The remote web server generates predictable session IDs.      Impact: The remote web server generates a session ID for each connection.  A session ID is typically used to keep track of the actions of a user while he visits a web site.  The remote server generates non-random session IDs.  An attacker might use this flaw to guess the session IDs of other users and therefore steal their session.  See also : http://pdos.csail.mit.edu/cookies/seq_sessionid.html        Data Received: Sending several requests gives us the following session IDs : CFID=896744 CFID=896745 CFID=896746 CFID=896747 CFID=896748      Resolution: Configure the remote site and CGIs so as to use random session IDs.       Risk Factor: Medium/ CVSS2 Base Score: 6.4       AV:N/AC:L/Au:N/C:P/I:P/A:N
  We are using J2EE session variables which I though was the more secure option. Is there something else you have to do to guarentee that the Session ID's are non random or is this the Compliance test picking up on a false positive?
  P.S. It's a recent migration to CF10, don't know if that has anything to do with it.

  Personally, I use the client scope instead of the session scope so that I don't have to worry about sticky sessions.  That has always worked out nicely for me.
  I read that article you referenced, and it's got some interesting stuff.  In particular, I have seen the client scope database tables not purge as they're supposed to.  And the stuff about preparing, executing, and then unpreparing SQL statements on each request is alarming, if true.
  However, I have to say that I have never, ever, ever, ever had performance issues due to client variables.  Not once.  Whatever performance hit my application may incur from using client variables has, to this point, been completely dwarfed by the performance of the application itself.  And, c'mon, the stuff about being lazy because you don't want to spend precious engineering time worrying about something like session management (which is never going to add value to your product) rather than coding something actually useful to your end users...that seems overly harsh to me.
  I completely agree that storing client vars in the Windows Registry is bananas, as is the defualt 90 day purge limit (though as of CF 9.0.whatever, the default is 1 day, 7 hours, so clearly they've made some changes since this article was written).  But I'm loathe to throw away client-based management.
  I think, getting back to the issue at hand, that this may be a false positive.  CFID is sequential, but CFTOKEN is not; that should really be the end of the story.  I'll see if McAfee will listen.  (-;

• ALC-UPG-221-002: Errors while migrating archive session Ids.

  I am doing an out of place upgrade from ES2 to ES4.  I have run the Turnkey ES4 upgrade, installed SP1, copied the GDS from the old location to the new location and run Configuration Manager.  When I get to the "Perform
  critical tasks before component deployment" screen and click the Start button I get this error:
  10:07] ALC-UPG-002-505: Disabling UserManager synchronization.
  [10:07] ALC-UPG-001-501: Executing [Application Manager] plugin ...
  [10:07] ALC-UPG-001-503: [Application Manager] plugin execution failed, error message from plugin is [ALC-UPG-221-002: Errors while migrating archive session Ids.].  See LCM logs for details.
  [10:07] ALC-UPG-002-506: Enabling UserManager synchronization.
  The LCM log has this:
  [2014-08-06 10:32:58,555], INFO, AWT-EventQueue-0, com.adobe.livecycle.upgrade.gui.UpgradePhaseDialog, ALC-UPG-002-505: Disabling UserManager synchronization.
  [2014-08-06 10:32:58,560], INFO, Thread-32, com.adobe.livecycle.lcm.feature.lcServer.LCServerConnector, LC Connection properties: {DSC_DEFAULT_SOAP_ENDPOINT=http://localhost:8080, DSC_TRANSPORT_PROTOCOL=SOAP, DSC_CREDENTIAL_PASSWORD=********, DSC_REQUEST_TIMEOUT=1200000, DSC_CREDENTIAL_USERNAME=administrator, }
  [2014-08-06 10:32:58,560], INFO, Thread-32, com.adobe.livecycle.lcm.feature.lcServer.LCServerConnector, Validating connection...
  [2014-08-06 10:32:59,961], SEVERE, Thread-32, com.adobe.livecycle.upgrade.control.PhaseRunner, Aborting.  Invocation of method [configurePreDeploy] failed for com.adobe.livecycle.upgrade.plugins.from9xto100.applicationmanager.Upgrade9xTo100Applicat ionManagerPlugin.  Caught com.adobe.livecycle.upgrade.UpgradeException, message: ALC-UPG-221-002: Errors while migrating archive session Ids.
  com.adobe.livecycle.upgrade.UpgradeException: ALC-UPG-221-002: Errors while migrating archive session Ids.
  at com.adobe.livecycle.upgrade.plugins.from9xto100.applicationmanager.Upgrade9xTo100Applicat ionManagerPlugin.configurePreDeploy(Upgrade9xTo100ApplicationManagerPlugin.java:110)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:606)
  at com.adobe.livecycle.upgrade.control.PhaseRunner.run(PhaseRunner.java:244)
  at java.lang.Thread.run(Thread.java:724)
  [2014-08-06 10:33:01,763], INFO, AWT-EventQueue-0, com.adobe.livecycle.upgrade.gui.UpgradePhaseDialog, ALC-UPG-002-506: Enabling UserManager synchronization.
  Nothing tells what the errors are.

  Dear Pallavi,
  Very useful post!
  I am looking for similar accelerators for
  Software Inventory Accelerator
  Hardware Inventory Accelerator
  Interfaces Inventory
  Customization Assessment Accelerator
  Sizing Tool
  Which helps us to come up with the relevant Bill of Matetials for every area mentioned above, and the ones which I dont know...
  Request help on such accelerators... Any clues?
  Any reply, help is highly appreciated.
  Regards
  Manish Madhav

• List all active login sessions IDs

  Hi,
  I want to enumrate all active login sessions for session IDs. I found some api SessionGetInfo which gives current user
  session ID. and getutmpxent which gives process id of (as i understand id of process creating session) all sessions. I
  want to map pid to session id. or is there any other way to list the session IDs of all logged in users.
  Thanks.

  Hi Nagendra,
  You can get the informamtion through one more option also. In case of function module you need to execute the module again and again for each user or may be need to write a report. I would like to suggest you an alternative. That is making use of queries.
  1. Go to transaction SQVI.
  2. In the input field Quick View give the any name for query for example Z_EMAIL_ADD.
  3. Choose create option. In the resulting pop up give description in Title field. In data source choose TABLE JOIN. Select Basis mode.
  4. In the next screen choose INSERT TABLE pushbutton and in the pop up give USR21. Then again choose INSERT TABLE pushbutton and this time give ADR6.
  5. Now go back using back arrow or F3.
  6. Now in the new screen you will be under the tab strip List fld select.. From that entries under available filed (on right hand side) select User name in user master record and the first entry for Internet mail (SMTP) address. Now using single arrow pushbutton poitning towards left move these fields to tabstrip List fld select.
  7. Now go to tabstrip selection filed. As done in step 6 move User name in user master record under it.
  8. Save the changes and go back. A pop up will come asking you to save quick view Z_EMAIL_ADD. Choose yes.
  9. Now execute the query. In the input field you can give one user or multiple users at a given time.
  Regards,
  Rajesh

• Need to generate Unique User IDs in OIM

  Hi,
  I am working in OIM 9.1 environment right now. I need to generate unique User IDs for all the users who come via self request. My problem is that while creating the user ids, I can search for the existing users in OIM and AD easily, but i am unable to search the users for whom the request has been made but approval is pending. Such user ids are reserved in OIM so if an employee with the same first and last name comes, there might be a conflict which might lead to an error. Can someone suggest any api or query using which I can search for these IDs under request in OIM.

  If i use the userid generator as Pre-Insert, there will be a conflict if two similar named users request at the same time (or if one of the request is yet to be approved).
  I am getting the below error while creating user id as Pre-Insert. What is the correct way of getting this done? Please suggest.
  012-11-20 19:25:41,787 INFO [STDOUT] Running CREATEUSERINOIM
  2012-11-20 19:25:41,788 INFO [STDOUT] Target Class = com.pldt.adapter.createuser.CreateUserInOIM
  2012-11-20 19:25:41,788 INFO [STDOUT] ***********************Inside Create User****************************
  2012-11-20 19:25:41,805 INFO [STDOUT] =====================Before Date Insert===============
  2012-11-20 19:25:41,805 INFO [STDOUT] =====================hiredate===============1970-01-01
  2012-11-20 19:25:41,805 INFO [STDOUT] ***************************section***************XTNL Active
  2012-11-20 19:25:42,647 INFO [STDOUT] Running DISABLEUSERINOIM
  2012-11-20 19:25:42,649 INFO [STDOUT] Target Class = com.pldt.adapter.disableuser.DisableUserInOIM
  2012-11-20 19:25:42,649 INFO [STDOUT] Entered Method retrieveUtility in SelectApprovalUser class
  2012-11-20 19:25:42,662 INFO [STDOUT] *************************************Inside disableOIMUser**********************
  2012-11-20 19:25:42,662 INFO [STDOUT] *************************************2**************
  2012-11-20 19:25:42,663 INFO [STDOUT] ******************tcUserIntf**********Thor.API.Operations.tcUserOperationsClient@5fd3131f
  2012-11-20 19:25:42,663 INFO [STDOUT] *************usrkey**********713
  2012-11-20 19:25:42,664 INFO [STDOUT] *************usrkey**********XTNL Active
  2012-11-20 19:25:42,664 INFO [STDOUT] ********************employeeGroup check Value*************XTNL Active
  2012-11-20 19:25:42,664 INFO [STDOUT] returning False
  2012-11-20 19:25:42,797 INFO [STDOUT] ***********************User Created Succesfully****************************
  2012-11-20 19:25:42,848 INFO [STDOUT] **************************Employee Group**********XTNL Active
  2012-11-20 19:25:44,199 INFO [STDOUT] Running CREATEUSERINOIM
  2012-11-20 19:25:44,200 INFO [STDOUT] Target Class = com.pldt.adapter.createuser.CreateUserInOIM
  2012-11-20 19:25:44,200 INFO [STDOUT] ***********************Inside Create User****************************
  2012-11-20 19:25:44,212 INFO [STDOUT] =====================Before Date Insert===============
  2012-11-20 19:25:44,213 INFO [STDOUT] =====================hiredate===============1970-01-01
  2012-11-20 19:25:44,213 INFO [STDOUT] ***************************section***************XTNL Active
  2012-11-20 19:25:44,255 ERROR [XELLERATE.SERVER] Class/Method: tcUSR/verifyUserLogin Error :User Loginid is duplicate.
  2012-11-20 19:25:44,258 ERROR [XELLERATE.SERVER] Class/Method: tcUSR/eventPreInsert Error :User login is not correct.

• Unique session reference ?

  So I'm using session management and I need a unique session identifier to use as a key field in a table
  Is session.sessionID ok for this ?
  table 'webCart'
  sessionID, itemID, qty
  I'm happy once the session times out, the cart row(s) won't be available

  Thanks Dan
  So the session ID isn't truly unique ?
  I'll use the UUID function then
  I'll save the UUID as a session variable
  I'll use the variable as my unique key in the webCart table, so I can insert / retrieve rows for that particular session

• Session Ids

  Hi,
  How do I store the session ids of the stateful session beans.Their type is void.How can I persist them in the local database?
  Regards
  Bhavana

  HI
  GOOD
  GO THROUGH THIS LINK,I HOPE THIS WILL GIVE YOU SOME IDEA TO SOLVE YOUR PROBLEM
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/56fbae90-0201-0010-518d-a256d833508e
  http://wendtstud1.hpi.uni-potsdam.de/sysmod-seminar/SS2005/elaborations/02_Clustering-Concept_of_the_SAP_web_AS.pdf
  http://www.ssw.uni-linz.ac.at/Teaching/Lectures/SpezialLVA/Loeffler/SS2005/j2ee_introduction_and_practice.pdf
  THANKS
  MRUTYUN

• Why is serial# needed for unique session info

  hello everybody,
  as you know, a session is unique with 2 fields, SID and SERIAL# which exist on v$session view.
  my question is why is serial# needed and for which case serial# is changing.
  now, you can say that, "only oracle developers know this, that is the design" but what i mean is, for ex: if i wanted to find a session which is blocked by another session, I use this:
  select * from v$session where blocking_session is not null;in blocking_Session field, oracle gives me the session id (SID) which is blocking a session. so i can use this SID and i can kill it for instance but SID is not unique for a session I can find more than one session with same SID which one is the blocking one ?
  in real life i didnt see an example of that, there is no same sid in system like my blocking session example. so I believe that serial# is assigning for another purpose, I mean, i thougth that it could be for autonomous transaction, maybe they user same sid but differen serial# but when i tested it, i saw that i was wrong.
  so, why serial# is exists. if this is a design issue, how can i find a blocking session by just using SID info ?
  thanks a lot.

  Not surprisingly, an explanation may already be found in the documentation (and copied in Rene's reply above):
  See http://docs.oracle.com/cd/E11882_01/server.112/e25513/dynviews_3016.htm (column description).
  Or search:
  http://www.oracle.com/pls/db112/search?word=sid+serial%23&partno=
  Besides for terminating sessions, serial# may be relevant when e.g. tracing sessions (SQL Trace).
  Not sure what type of example you were looking for, but I came up with this in about five seconds:
  C:\Users>sqlplus blocker_user
  Enter password:
  Connected to:
  Oracle Database 11g Express Edition Release 11.2.0.2.0 - Production
  SQL> select sid,serial# from v$session where sid=(select sid from v$mystat where rownum=1);
         SID    SERIAL#
         136         27
  SQL> conn other_user
  Enter password:
  Connected.
  SQL> select sid,serial# from v$session where sid=(select sid from v$mystat where rownum=1);
         SID    SERIAL#
         136         29Edited by: orafad on Feb 1, 2012 12:18 AM

• EDK Web Controls - Unique Control IDs

  After following the EDK Web Controls Developer Guide and making all the control IDs unique by appending the PortletID, the LinkButton controls in the portlet lose their OnClick Event Handlers.
  The portlet works perfectly when not modifying the ControlIDs.
  If I comment out all the portal specific code, modify the ControlIDs, and run in a standard web page, I also lose the Event Handlers.Any suggestions....

  ------- Jonathan Gilbert wrote on 28/01/05 03:34 -------How are you modifying the IDs? By changing the ID property? You can do it this way but you need to be careful when you do it (otherwise the control won't find it's state in the viewstate). I'd recommend changing the ClientID property - this will only affect how it gets rendered on the page, not how ASP.NET treats it.
  Jonathan,
  Here is the code below. I cannot modify the ClientID because the property is read-only.
  privatevoidUniqueControlIDs(Control control)
  foreach(Control ChildControl incontrol.Controls)
  if(ChildControl.ID != null)
  ChildControl.ID += PortletID;
  UniqueControlIDs(ChildControl);
  protectedoverridevoidOnPreRender(EventArgs e)
  base.OnPreRender(e);
  UniqueControlIDs(this.Page);