(Urgent!) Session recovery in tomcat

Good morning,
I'm a java developer working on a system that sells insurance online. We recently been lumbered with implementing the (UK's) new 3Dsecure credit card authorisation system, which basically introduces an additional security phase in processing credit cards transactions.
We currently process credit cards via an XML exchange with a payment server, the current process does not redirect the customer away from our site, and we've never had any trouble with this. NOW we MUST redirect the customer to their bank's website for authorisation, and then the bank sends the customer back after checking. However, when the user is sent back to us, they have 'lost' their session in our application, which ruins their chances of then completing the purchase process.
The session is still in tomcats memory (as far as we can tell), but the user has a new sessionID, and we cannot for the life of us revert them to their old session. We've tried including ;jsessionid=XYZ in the URLs, where XYZ is the old sessionid, we've scoured the HttpServletRequest API for a 'getSession(String id)' method, we've even tried copying the session to the Application scope and then trying to pull it back down upon customers return; but we just cannot get this.
The 3Dsecure deadline is looming, and the only problem we have is with these session persistances Does anyone have any help/advise for us? I'm more than willing to answer additional questions! Cheers.

Maybe here.

Similar Messages

10000: PPPoE session recovery after reload

Hi.
We have seen that there are a feature that recover the PPPoE sessions closed in one side and up in the other. This feature is called 'PPPoE Session Recovery After Reload '.
In the feature navigator, we can see that this feature is available for 7200 series. It seems not available for 10000.
But in the release notes of Cisco IOS 12.3(7)XI3,
http://www.cisco.com/en/US/partner/products/hw/routers/ps133/prod_release_note09186a008040929e.html
appears this bug as resolved:
CSCsa46626
PPP PADT messages are not sent by a PPPoX PTA router to a client when the PPPoX user is no longer connected to the PPPoX PTA router.
This feature is enabled only within the BBA Group configuration using:
bba-group pppoe pppoe1
sessions auto cleanup
This issue can occur when a Cisco 10000 Series router is used as a PPPoX PTA router, and there has been a network flap causing the PPPoX users to lose their connections. PPPoE will experience this issue when BBA Groups are in use. VPDN Group configuration does not support this feature.
There are no known workarounds.
We have tested the IOS 12.3(7)XI6, but the router (10000) doesn't send the PADT (auto cleanup). In 7200, it works correctly.
Anyone have has this problem?
Anyone can confirm if this feature is supported?
Regards.
Jose

Hi Jose ,
I checked it using feature navigator and noticed that cisco 10000 doesn't support ""PPPoE Session Recovery After Reload"" feature.
The following platforms support the feature.
1700
1800
2600
2800
3200
3600
3700
3800
7200
7301
7400
Thanks,
satish

Urgent: Sessions problem pls help me

Hi all,
Its already late to post this problem.pls help me urgently.
I have a servlet & two jsp's. first i request servlet, it processes something and forwards request to my first jsp. In that jsp on a button click, i'm displaying a new popup by calling showModalDialog. this dialog gets data from the same servlet but it forwards to my second jsp.(second jsp can be seen in dialog)
Now if i submit form from my second(dialog) jsp, the servlet reports that session has expired. I tried a lot but invain. any one who helps me is appreciated well by all of our forum.
waiting 4 u r reply,

It could be that you have cookies turned off and you're not using URL Rewriting.
In J2EE, the first time your browser makes a request to the server, the server responds and appends a SESSION_ID parameter to the request as well as storing a cookie with the SESSION_ID.
The second time your browser makes a request, the server checks for the cookie. If it doesn't exist it checks for the parameter. If neither exist the server assumes its the first time your browser has made a request and behaves as describe in the previous paragraph.
In your case when you submit the form if you have disabled cookies and the action attribute doesn't have the SESSION_ID paramter appended to the url, the browser will assume it's a first request. The user will not be logged in, hence your session has expired error.
To fix this you need to encode the URL in your JSP. You can use the struts html:rewrite tag or the HttpServletReponse.encodeURL method, or if you're using JSP 2.0 the JSTL c:url tag.

Session problems in tomcat 5.0.28

Even I shutdown the tomcat 5.0.28 server the session variable is still existing and it is showing the old values. What I have to do to disable the old values? Is it the problem with tomcat 5.0.28 or with JSP coding!

Tomcat serializes sessions to the hard drive when it shutsdown. If you don't want this you have three choices:
1: you can disable this functionality in the server.xml. Check the documentation.
2: you could just delete the session.ser file when you shut down tomcat. This file is under work/standalone/{webapp name}
3: you could close and re-open the browser so that the old jsessionid will not be sent and a new session will be created. The old session will eventually time out.
The third option is probably the easiest.

Session problem using tomcat 3.3.1

Hi all,
Does tomcat support session.?.
I came to know that, tomcat is not supporting session, actually, it kills the session variables when redirecting the response to other page..
Is it so?..
please confirm me..
In my application we are using session variable to store the user access rights, and validating in all jsp pages. we are using resin 1.2.5 as servlet container. It is working fine.
we have an approach to port our application to tomcat instead of resin.
Now, while porting the session variables not retreived in the jsp pages.
I am struggling with this issue for the past one month, so please confirm me regarding tomcat supports session or not.--
Thanks and regards,
Murugan

hi
Well, in my application, i have session variables, and it is working
fine. Except in one jsp page where each time I submit, a new made
Vector disappears.
But the others session attributes are still there (rights, user,
etc ...).

Problems disabling restart session persistence in Tomcat

I'm running Tomcat 5.5.17. I've been working on an application for quite some time when the tomcat logs suddenly started to fill up with the following errors each time I restart Tomcat:
2006-09-29 21:15:10,539 | WARN | StandardSession.java | writeObject() | 1468 | Cannot serialize session attribute publicPictures for session 9184A48FEFC99FAA3573A4DE1F75CCD5
I've searched the web, and found out that the reason for this is that Tomcats "Restart Session Persistence" is turned on. So how do I turn that off?
According to a few sites in the web there should be a file called application.xml, in which I can put the line <Manager pathname=""/> to disable the Session Persistence manager. The problem is that on my Tomcat installation there's no such file.
So I tried to create the file $CATALINA_HOME/conf/application.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN'
'http://java.sun.com/dtd/application_1_3.dtd'>
<application>
<Manager pathname=""/>
</application>But this had no effect at all. So can someone please explain to me how I can disable the Session Persistence manager?

I had a similar problem in that during restarts sometimes I would get messages about null pointer exceptions which seemed to be related to attempted session persistence. I never paid a lot of attention but eventually decided to do something about it, i.e disable session persistence, since the errors seemed to slowdown restarts.
Based on this:
http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html
I added a Manager element to my main Context element, using the standard manager class and setting the pathname attribute to an empty string:
<Context path="/" debug="1" reloadable="true" crossContext="true">
<Manager class="org.apache.catalina.session.StandardManager" pathname="" />
</Context>
Since the errors I was getting were sporadic anyway I cannot definitively say this fixed it but I have not seen any errors since making the change and shutdowns seem to go faster now.

URGENT-Session Synchronization between WebSEAL and WebLogic Server 6.1

Hi All,
I am a new-bee to Access Manager and WebSEAL.
I have an application running in WebLogic Server6.1.
I have WebSEAL junctioned to iPlanet Web Server, which in turn
integrates with WebLogic through NSAPI plug-in. I am using iPlanet
Directory Server as Access Manager user registry.
As per my application requirement there should be single sign on, that
is if the user gets authenticated with WebSEAL, he need not have to
login to the application and would be able to access any page. But if
he logs off the application and if he tries to access any page then he
need to again get authenticated with the WebSEAL. Here I am having a
problem.
I am not able to make the WebSEAL to through HTTP authentication
challenge again if the user logs off the application. The only way to
make webSEAL to through HTTP authentication challenge in the browser
is to close and open the browser.
I initially tried with BASIC authentication, it does not work.
Then I tried with FORM authentication. In this case webSEAL sets a
cookie called PD-H-SESSION-ID. When the user clicks the "Logoff" link
in the application, I tried to set this cookie's max age to zero, it
does not work. The max age is always set to -1 value. I even tried to
overwrite the cookie value with blank space using HttpServletResponse
setHeader method, which also didnot work.
Can anybody tell me how to make the webSEAL to through the
authentication challenge when the user logs off the application and
what kind of authentication method (BASIC or FORM) to use?
This is very urgent. Pls help?
Thanks in advance.
Regards
Sundar.

Hi All,
I am a new-bee to Access Manager and WebSEAL.
I have an application running in WebLogic Server6.1.
I have WebSEAL junctioned to iPlanet Web Server, which in turn
integrates with WebLogic through NSAPI plug-in. I am using iPlanet
Directory Server as Access Manager user registry.
As per my application requirement there should be single sign on, that
is if the user gets authenticated with WebSEAL, he need not have to
login to the application and would be able to access any page. But if
he logs off the application and if he tries to access any page then he
need to again get authenticated with the WebSEAL. Here I am having a
problem.
I am not able to make the WebSEAL to through HTTP authentication
challenge again if the user logs off the application. The only way to
make webSEAL to through HTTP authentication challenge in the browser
is to close and open the browser.
I initially tried with BASIC authentication, it does not work.
Then I tried with FORM authentication. In this case webSEAL sets a
cookie called PD-H-SESSION-ID. When the user clicks the "Logoff" link
in the application, I tried to set this cookie's max age to zero, it
does not work. The max age is always set to -1 value. I even tried to
overwrite the cookie value with blank space using HttpServletResponse
setHeader method, which also didnot work.
Can anybody tell me how to make the webSEAL to through the
authentication challenge when the user logs off the application and
what kind of authentication method (BASIC or FORM) to use?
This is very urgent. Pls help?
Thanks in advance.
Regards
Sundar.

New session id from tomcat

I have .jsp page.I use tomcat server .When session is valid and i print sessionid in jsp using function session.getId() it print session id but when session is expire then new session id is printed .I didn't understand why this behavior.I set session timeout to 5 sec fro debugging perpose .what i expect is
that session becomes null.My code is
<%
     UserData ud=null;
     if(session == null){
     }else{
          if(session != null){
               out.println("BEFORE :" + session.getId() + "<BR>");
               //ud=(UserData) session.getAttribute("ClientObject");
               out.println("AFTER :" + session.getId() + "<BR>");
          if(ud == null){
               //response.sendRedirect("../ServletLogout");
               //response.sendRedirect("www.google.com");
               out.println("UD==NULL" + session.getId() + "<BR>");
     out.println("Welcome to tracking page");
%>
Thanks
Vijay

I imagine that /test and /TestSession/test/test.jsp fall under different web app context paths.
When the Servlet container creates a JSESSIONID cookie to track the session, it includes a path attribute. The path attribute controls in which requests the browser will send the cookie. By default, the path attribute is set to the web app context path. If the context path is /TestSession, the path attribute will be set to /TestSession and the browser won't include the cookie when it makes requests to /test.
You can override the cookie path with a sun-web.xml deployment descriptor:
<sun-web-app>
<session-config>
    <cookie-properties>
      <property name="cookiePath" value="/"/>
    </cookie-properties>
</session-config>
</sun-web-app>You could also rewrite the outbound Set-cookie: header with an Output directive in obj.conf.
A simpler, less brittle solution would be to redirect requests for /test instead of restarting them.

Sessions problem in tomcat

Hi to all,
Iam using tomcat 5.0 server for my application
i am facing problem with sessions.
when i restarted the tomcat, already created sessions are not
invalidating, they are continuing when the tomcat starts.
How to invalidate the sessions when tomcat shutdown or restart.
Thanks in advance..
Regards,
Mohan

Hi to all,
Iam using tomcat 5.0 server for my application
i am facing problem with sessions.
when i restarted the tomcat, already created sessions are not
invalidating, they are continuing when the tomcat starts.
How to invalidate the sessions when tomcat shutdown or restart.
Thanks in advance..
Regards,
Mohan

[Urgent]Session terminates during DS enhancement due to big data

Hi experts,
I have 0FI_GL_4 for DS enhancement. The business requirement is complicated but we have already fully optimized that ABAP code. Now our R3 side has 2.5 million records in BSEG and if we start BW initial extraction , the session will use more than 2G memory (use ST06 - Top CPU) after 0.5 million data's extraction which will automatically terminated by system!
Problem is that I can not write better code for the requirement. Any workaround to split this initialization?
Regards,
Aaron

Hi Anil,
Thanks for you advice! Here's my concerns for multi initial / delta :
1, What's your suggest condition to divide the whole GL4 data source? If divide by fiscal year, my initial data is still that big ; if divide by company code, do we have to maintain new initial if a single new company code is added in R3 (that's highly probably in our project )
2, If we go with multi initial / delta, does the update method between GL4 ODS to its afterward data provider also the same with before? I mean will the ODS generate several deltas for them? Or it will only contain a delta package which we don't need to take special care on
Regards,
Aaron

Urgent: Why org.apache.tomcat.* package does not exist?

i am writing some programs about ldap
my program code has used some packages as the followings
import org.apache.tomcat.core.*;
import org.apache.tomcat.util.*;
import org.apache.tomcat.util.xml.*;
i am using apache + tomcat4.1 server, jsdk1.4
i have set the classpath that contains all the jar files in $TOMCAT_HOME\common\lib
after setting the classpath, i compiled the code
it said the above packages does not exist
where should i find those packages?
Aren't they in the tomcat i installed?
PLX HELP

for example, i want to use the class
org.apache.tomcat.core.Context to create a class
object.Then you would want to:
import org.apache.tomcat.core.Context;
-or-
import org.apache.tomcat.core.*;
Note how that is different than your original:
import org.apache.tomcat.*;i just use as an example import org.apache.tomcat
but i cannot find org.apache.tomcat.core or even any org.apache.tomcat.*
so that means i havn't include the correct jar file in the classpath or no corresponding package are stored in the tomcat4.1
i just want to know what jar file contains such stuff.
i think it should be a silly problem. So there should be someone know it.

Urgent: session invalidate problem

Guys:
Has anyone had a issue with session.invalidate() using weblogic 8.1.
we have vignette portal and weblogic 8.1.
the problem i have noticed is session.getId retunrns a extra timestamp string in the end. And i am thinking since this changes the entire sessionid, it does not get invalidated. I tried adjusting the weblogic.xml's idlength session-param to 52 but this still happens after that. can anyone suggest any insights. i am unable to kill the session and hence the user is always logged in. the only way is to close to broswer window.

here is the error printed out:
java.lang.NullPointerException
     at com.sssw.srv.http.CommonLogger.log(CommonLogger.java:217)
     at com.sssw.srv.http.httpd.log(httpd.java:4229)
     at com.sssw.srv.http.Client.log(Client.java:254)
     at com.sssw.srv.http.Client.loop(Client.java:1300)
     at com.sssw.srv.http.Client.runConnection(Client.java:1495)
     at com.sssw.srv.http.Client.run(Client.java:1442)
     at java.lang.Thread.run(Thread.java:479)

Urgent:Session swapping problem

Hi,
We have a peculiar problem. We are running a site using JSP. Session handling has been done.
When 2 users log in simultanesouly from different machines into our site and do a transaction, the details of the users are getting swapped between the users. The details of user A are getting transferred to User B and vice versa after a page has been submitted.
What might be a problem ?
Pls help me out immedately.

Hi,
I had something similar, and in my case I had to set the isThreadSafe page property to false. Normally the JSP environment assumes that your jsp-files are 'Threadsafe'. But in your case I think they are not. When you put in your jsp-file the statement
<%@ page isThreadSafe=false %>
then the JSP environment will take care that your jsp-file becomes threadsafe. This should solve your problem.
Sponiza

ORA-00289|ORA-00280 Urgent - ( need recovery help)

PLS NEED A HELP
RUNNING ON NOARCHIVELOG
SUNOS 5.8 SUN4U
ORACLE 9i
DEV DATABASE
TRYING TO OPEN THE DATABASE
ORA-00279: change 18906722884 generated at 04/02/2008 16:18:30 needed for thread 1
ORA-00289: suggestion: /oracle/ora926/dbs/arch1_14790.dbf
ORA-00280: change 18906722884 for thread 1 is in sequence #14790
need help, is urgent
Regards.

$ tail -60 alert_MLQA.log
compatible = 9.2.0.0.0
db_file_multiblock_read_count= 32
fast_start_mttr_target = 300
undo_management = AUTO
undo_tablespace = UNDOTBS1
undo_retention = 10800
max_enabled_roles = 50
remote_login_passwordfile= EXCLUSIVE
db_domain =
instance_name = MLQA
job_queue_processes = 10
hash_join_enabled = TRUE
background_dump_dest = /oracle/admin/MLQA/bdump
user_dump_dest = /oracle/admin/MLQA/udump
core_dump_dest = /oracle/admin/MLQA/cdump
sort_area_size = 524288
db_name = MLQA
open_cursors = 300
star_transformation_enabled= FALSE
query_rewrite_enabled = FALSE
pga_aggregate_target = 104857600
aq_tm_processes = 1
PMON started with pid=2
Thu Apr 3 07:52:44 2008
ORA-00130: invalid listener address '(ADDRESS=(PROTOCOL=TCP)(HOST=mltlcrmt
RT=1521))'
DBW0 started with pid=3
LGWR started with pid=4
CKPT started with pid=5
SMON started with pid=6
RECO started with pid=7
CJQ0 started with pid=8
QMN0 started with pid=9
Thu Apr 3 07:52:46 2008
ALTER DATABASE MOUNT
Thu Apr 3 07:52:50 2008
Successful mount of redo thread 1, with mount id 1528507534
Thu Apr 3 07:52:50 2008
Database mounted in Exclusive Mode.
Completed: ALTER DATABASE MOUNT
Thu Apr 3 07:52:50 2008
ALTER DATABASE OPEN
ORA-1589 signalled during: ALTER DATABASE OPEN...
Thu Apr 3 07:58:48 2008
Restarting dead background process QMN0
QMN0 started with pid=9
Thu Apr 3 08:04:51 2008
Restarting dead background process QMN0
QMN0 started with pid=9
Thu Apr 3 08:10:55 2008
Restarting dead background process QMN0
QMN0 started with pid=9
Thu Apr 3 08:16:59 2008
Restarting dead background process QMN0
QMN0 started with pid=9
Thu Apr 3 08:23:02 2008
Restarting dead background process QMN0
QMN0 started with pid=9
Thu Apr 3 08:29:06 2008
Restarting dead background process QMN0
QMN0 started with pid=9
$
ERROR at line 1:
ORA-01589: must use RESETLOGS or NORESETLOGS option for database open
SQL> SELECT GROUP#,MEMBERS FROM V$LOG;
GROUP# MEMBERS
1 1
2 1
3 1
4 1
SQL> SELECT GROUP#,MEMBER FROM V$LOGFILE;
GROUP#
MEMBER
3
/data1/oradata/mlqa/redo03.log
4
/data2/oradata/mlqa/redo04.log
1
/data1/oradata/mlqa/redo01.log
GROUP#
MEMBER
2
/data2/oradata/mlqa/redo02.log
SQL>
SQL> select file# from v$recover_file;
no rows selected
SQL>
SQL> recover database using backup controlfile;
ORA-00279: change 18906722884 generated at 04/02/2008 16:18:30 needed for
thread 1
ORA-00289: suggestion : /oracle/ora926/dbs/arch1_14790.dbf
ORA-00280: change 18906722884 for thread 1 is in sequence #14790
Specify log: {<RET>=suggested | filename | AUTO | CANCEL}
SQL> desc v$logfile
Name Null? Type
GROUP# NUMBER
STATUS VARCHAR2(7)
TYPE VARCHAR2(7)
MEMBER VARCHAR2(513)
SQL> select group#,status,member from v$logfile;
GROUP# STATUS
MEMBER
3 STALE
/data1/oradata/mlqa/redo03.log
4 STALE
/data2/oradata/mlqa/redo04.log
1
/data1/oradata/mlqa/redo01.log
GROUP# STATUS
MEMBER
2 STALE
/data2/oradata/mlqa/redo02.log
SQL>
THE ABOVE ARE THE COMMANDS I ATTEMPTED

URGENT Rescue & Recovery "Previous Version" Error.

I am resending my post as I experienced the Explorer 9 incompatibility problem.
My hard drive crashed recently and I lost all my data and applications. I have attempted to perform a restore by running Rescue & Recovery 4.31. Unfortunately, all my attempts to do so have resulted in the following error:
“The Restore could not be executed because the selected backup was taken with a previous version of Rescue & Recovery.”
There are a couple of data files I would like to recover. I am running Windows 7 x64 w/ SP1 and I do not recall ever upgrading Rescue & Recovery.
If anyone is aware of a solution, please advise. Thank you very kindly in advance.
Cheers,
Ken

I was previously able to help a member recover files, restore backups in this thread. The circumstances were, going on the limited information here, somewhat different but there may be some ideas which you may help toward a possible solution.
Andy ______________________________________
Please remember to come back and mark the post that you feel solved your question as the solution, it earns the member + points
Did you find a post helpfull? You can thank the member by clicking on the star to the left awarding them Kudos Please add your type, model number and OS to your signature, it helps to help you. Forum Search Option T430 2347-G7U W8 x64, Yoga 10 HD+, Tablet 1838-2BG, T61p 6460-67G W7 x64, T43p 2668-G2G XP, T23 2647-9LG XP, plus a few more. FYI Unsolicited Personal Messages will be ignored.
Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество
PepperonI blog

(Urgent!) Session recovery in tomcat

Similar Messages

Maybe you are looking for