User Authentification & Sessions

Hello all!
I started programming with sessions a day ago and now want to realize the classic login/logout webapp (if that exists :-)).
My questions is: when the user has authenticated with his user/pass, I start the session and forward him to a(ny) next page. Now, there, how do I make sure the user is logged in? Do I set an attribute in the session like auth="true"? And trust in this on the next pages? No chance to cheat? My application is not that critiocal, I'm just interested in that. How to encode urls?
Over all: how do you realize this mechanism? I like concrete code, so if someone has a good (and short and concenrated) example or a link I would be very happy.
Thanks for your help,
Henning

Here is a servlet I once did.
import java.io.*;
import java.util.*;
import javax.servlet.http.*;
import javax.servlet.*;
import java.sql.*;
import javax.sql.*;
public class LoginServlet extends HttpServlet {
  public void doPost (
     HttpServletRequest     request,
     HttpServletResponse     response
    ) throws ServletException, IOException
  doGet(request,response);
  public void doGet (
     HttpServletRequest     request,
     HttpServletResponse     response
    ) throws ServletException, IOException
   HttpSession session = request.getSession(true);
   PrintWriter out = response.getWriter();
     try {
          String driverName="sun.jdbc.odbc.JdbcOdbcDriver";
          String dbUrl="jdbc:odbc:login";
          Class.forName(driverName);
          Connection db =DriverManager.getConnection(dbUrl,"","");
          if ((session.getAttribute("user") == null) || (!session.getAttribute("ip").equals(request.getRemoteAddr()))){
               PreparedStatement pStmt = db.prepareStatement("SELECT * FROM [login] WHERE [account] =? AND password=? AND [activated] = 1 ");
               pStmt.setString(1, request.getParameter("account"));
               pStmt.setString(2, request.getParameter("password"));
               ResultSet rs = pStmt.executeQuery();
               if(!rs.next()){
                    System.out.println("Account is not valid.");
                    request.setAttribute("msg", "Account is not valid.");
                    RequestDispatcher rd = request.getRequestDispatcher("../login/index.jsp");
                    rd.forward(request, response);
               else do {
                    int id = rs.getInt(1);
                    String account = rs.getString(2); 
                    session.setAttribute("user", new Integer(id));
                    session.setAttribute("account", account);
                    session.setAttribute("ip", request.getRemoteAddr());
                    System.out.println("User " + session.getAttribute("user") +" has logged on.");
                    request.setAttribute("msg", "User has logged on.");
                    RequestDispatcher rd = request.getRequestDispatcher("../login/index.jsp");
                    rd.forward(request, response);
               } while(rs.next());
               rs.close();
          else {
               System.out.println("User has already logged on.");
                    request.setAttribute("msg", "User has already logged on.");
                    RequestDispatcher rd = request.getRequestDispatcher("../login/index.jsp");
                    rd.forward(request, response);
          db.close();
     catch(Exception exp){
          System.out.println("Exception: "+ exp);
   out.close();
}On all jsppages then use the following for verification:
<%
if ((session.getAttribute("user") == null) || (!session.getAttribute("ip").equals(request.getRemoteAddr()))){
response.sendRedirect("index.jsp");
%>Feel free to use.
Andreas

Similar Messages

  • How open multiple responsibilities in the same user login session in R12 ?

    Dear All,
    Can anyone help me to know how to open multiple responsibility in the same user login session in R12 ?
    Thanks..
    Edited by: G-oracle on Sep 18, 2011 11:22 AM

    Can anyone help me to know how to open multiple responsibility in the same user login session in R12 ?What do you mean by open multiple responsibilities in the same session? You can only see the menu of one responsibility at a time, so how to do you expect the application to let you see multiple responsibilities/menus in one session?
    You could open another session and this way you can access more than one responsibility at the same time.
    Thanks,
    Hussein

  • Upload file with iframe loos session user and session id in wwv_flow_files

    Hello every one, hope someone could help us with this problem.
    What we are trying to do is to upload a file from a jquery dialog in a appex page by redirecting the POST action of the wwvFlowForm to the iframe.
    *1. In the javascript there is the function call to open my modal window with the input*
    function add_fichier_form(numeroProjet,idCat){
         $("#div_upload_fichier").dialog(
                    modal : true ,
                    autoOpen : false ,
                    resizable: false ,
                    width: 700         
           $('#div_upload_fichier').parent().appendTo('#div_base');
          $('#upload_button').unbind('click').click(function(){           
              if ($('#P4010_FILE_FICHIER').val() != '') {
                   $('#upload_iframe_v2').unbind('load').load(function () {
                        $('#upload_status').html(' déplacement du fichier...');
                        // move the file
                        $('#upload_status').html('Fichier transféré avec succès');
                        //file transfer ok
                        //calling the javascript function to add everything in my own table;
                                     //we see the file in the  wwv_flow_file_objects$ without
                         add_fichier_form_db();
                   // set the form target to the iframe, submit, then remove the target
                   $('#wwvFlowForm').attr('target','upload_iframe_v2').submit().removeAttr('target');
                   $('#upload_status').html(' Téléchargement du fichier...');
              }else {
                   alert('Veuillez sélectionner un fichier');
         $("#div_upload_fichier").dialog("option", "title", "Ajout d'un fichier");
            $("#div_upload_fichier").dialog("open");
           }*2. At this point we see the file in the table but without the user and session credential*
    select *
        from wwv_flow_file_objects$
    The result is that the field security_group_id is assign to 0 AND created_by = APEX_PUBLIC_USER
    *3. add_fichier_form_db(); the javascript function making the ajax call to a procedure plsql*
    function add_fichier_form_db(){
             //alert ('Dasn fichier form db');
         vNumeroProjet = document.getElementById('P4010_CAT_NUMERO_PROJET').value;
         vIdCat = document.getElementById('P4010_CAT_ID').value;
         vFichierNom = document.getElementById('P4010_NOM_FICHIER').value;
         vFichierDesc = document.getElementById('P4010_DESC_FICHIER').value;
         vFichierFile = document.getElementById('P4010_FILE_FICHIER_NAME').value;
         var ajaxRequest = new htmldb_Get(null , 300, 'APPLICATION_PROCESS=ADD_FICHIER_FORM_DB', 4010);
         ajaxRequest.add( "P4010_CAT_NUMERO_PROJET", vNumeroProjet);
         ajaxRequest.add( "P4010_F_CAT_ID", vIdCat);
         ajaxRequest.add( "P4010_FICHIER_NOM", vFichierNom);
         ajaxRequest.add( "P4010_FICHIER_DESC", vFichierDesc);
         ajaxRequest.add( "P4010_FILE_FICHIER_NAME", vFichierFile);
          var gReturn = ajaxRequest.get();
         if (gReturn){
              $x("getlistfichier").innerHTML = gReturn;
              closeForm();
         }else{
              alert ('Problèmes dans le call Ajax ADD_REPERTOIRE_FORM_DB \n La valeur retournée est: \n' + gReturn);
    }*4. PLSQL PROCEDURE *
    h1. WHEN the query is executing it's return ORA-01403: no data found. WHY ????
    PROCEDURE P_ADD_FICHIER_FORM_DB(
                P_NUMERO_PROJET number,
                P_CAT_ID number,
                P_FICHIER_NOM varchar2,
                P_FICHIER_DESC varchar2,
                P_FILE_FICHIER_NAME in varchar2)
    AS
      vNumeroProjet number;
      vFichierNom varchar(255);
      vFichierDesc varchar(2000);
      vCatId number;
      vActif number;
      vDocSize number;
      vNomUsager varchar(10);
      vDateCreation date;
      vFichierTypeId number;
      vNomReel varchar2(1000);
      vNomReel2 varchar2(1000);
      vCurVal number;
      BEGIN
        SELECT FILENAME,DOC_SIZE,CREATED_ON
        INTO
        vNomReel,vDocSize,vDateCreation
        FROM WWV_FLOW_FILES
        WHERE FILENAME = P_FILE_FICHIER_NAME;
    /*GET ERROR sqlerrm:ORA-01403: no data found */
      END P_ADD_FICHIER_FORM_DB;h4. hope someone help us soon
    Thanks in advance
    jocelyn

    Finally we find what was wrong so i give you the solution.
    In the javascript on the function add_fichier_form
    We need to append the div of the form to the default form of apex wwvFlowForm
    so the line*
    $('#div_upload_fichier').parent().appendTo('#div_base');
    should be change to*
    $('#div_upload_fichier').parent().appendTo('#wwvFlowForm');Edited by: jocbed on 2012-01-26 11:08

  • How to edit other user's session from a session id?

    I want to ban a person on real time for example. Website's database ban checking is on the login level. So if i ban someone the user's session must be expired and relogin. But if i change user's session attiributes it will be real time ban.
    Shortly how can i edit some user's session from their session ids.
    Thanks
    null

    Use a filter and have it check with every page load (as one obvious solution).

  • TIPS(16) : PROVIDING USERS WITH SESSION INFORMATION

    제품 : SQL*PLUS
    작성날짜 : 1996-11-12
    TIPS(16) : Providing Users with Session Information
    ===================================================
    rem
    rem orasessn.sql
    rem
    rem
    rem This script is used to provide users with information regarding their
    rem oracle sessions.
    rem The USER_SESSION view provides information related only to the
    rem current session for a user; while the ALL_SESSIONS relates to all
    rem sessions within the database for a user.
    rem The DBA_SESSION can only be viewed by the
    rem Oracle sys id (and anyone granted select on this view).
    rem The DBA_SESSION lists all oracle sessions excluding the Oracle
    rem generic processes (dbwr, pmon, smon, etc.).
    rem The SID and SERIAL# can be used with killing sessions.
    This script must be run from the Oracle sys id.
    rem --------------------------------------------------------------------------
    rem
    set echo on;
    spool orasessn;
    rem
    drop public synonym ALL_SESSIONS;
    create or replace view ALL_SESSIONS
    (USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
    CURSORS, MACHINE, TERMINAL, PROGRAM)
    as
    select substr(v1.username,1,20), substr(v1.osuser,1,12),
    to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
    v1.status, v1.server, substr(v3.value,1,10), v2.value,
    substr(v1.machine,1,15), v1.terminal, v1.program
    from v$session v1, v$sesstat v2, v$parameter v3
    where v1.username = user
    and v2.sid = v1.sid
    and v2.statistic# = 3
    and v3.name = 'db_name' ;
    grant select on ALL_SESSIONS to PUBLIC;
    create public synonym ALL_SESSIONS for ALL_SESSIONS;
    rem
    drop public synonym USER_SESSIONS;
    create or replace view USER_SESSIONS
    (USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
    CURSORS, MACHINE, TERMINAL, PROGRAM)
    as
    select substr(v1.username,1,20), substr(v1.osuser,1,12),
    to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
    v1.status, v1.server, substr(v3.value,1,10), v2.value,
    substr(v1.machine,1,15), v1.terminal, v1.program
    from v$session v1, v$sesstat v2, v$parameter v3
    where v1.audsid = userenv('SESSIONID')
    and v2.sid = v1.sid
    and v2.statistic# = 3
    and v3.name = 'db_name' ;
    grant select on USER_SESSIONS to PUBLIC;
    create public synonym USER_SESSIONS for USER_SESSIONS;
    rem
    create or replace view DBA_SESSIONS
    (USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
    CURSORS, MACHINE, TERMINAL, PROGRAM)
    as
    select substr(v1.username,1,20), substr(v1.osuser,1,12),
    to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
    v1.status, v1.server, substr(v3.value,1,10), v2.value,
    substr(v1.machine,1,15), v1.terminal, v1.program
    from v$session v1, v$sesstat v2, v$parameter v3
    where v1.username is not null
    and v2.sid = v1.sid
    and v2.statistic# = 3
    and v3.name = 'db_name' ;
    rem -------------------------------------------------------------------
    spool off;

    제품 : SQL*PLUS
    작성날짜 : 1996-11-12
    TIPS(16) : Providing Users with Session Information
    ===================================================
    rem
    rem orasessn.sql
    rem
    rem
    rem This script is used to provide users with information regarding their
    rem oracle sessions.
    rem The USER_SESSION view provides information related only to the
    rem current session for a user; while the ALL_SESSIONS relates to all
    rem sessions within the database for a user.
    rem The DBA_SESSION can only be viewed by the
    rem Oracle sys id (and anyone granted select on this view).
    rem The DBA_SESSION lists all oracle sessions excluding the Oracle
    rem generic processes (dbwr, pmon, smon, etc.).
    rem The SID and SERIAL# can be used with killing sessions.
    This script must be run from the Oracle sys id.
    rem --------------------------------------------------------------------------
    rem
    set echo on;
    spool orasessn;
    rem
    drop public synonym ALL_SESSIONS;
    create or replace view ALL_SESSIONS
    (USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
    CURSORS, MACHINE, TERMINAL, PROGRAM)
    as
    select substr(v1.username,1,20), substr(v1.osuser,1,12),
    to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
    v1.status, v1.server, substr(v3.value,1,10), v2.value,
    substr(v1.machine,1,15), v1.terminal, v1.program
    from v$session v1, v$sesstat v2, v$parameter v3
    where v1.username = user
    and v2.sid = v1.sid
    and v2.statistic# = 3
    and v3.name = 'db_name' ;
    grant select on ALL_SESSIONS to PUBLIC;
    create public synonym ALL_SESSIONS for ALL_SESSIONS;
    rem
    drop public synonym USER_SESSIONS;
    create or replace view USER_SESSIONS
    (USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
    CURSORS, MACHINE, TERMINAL, PROGRAM)
    as
    select substr(v1.username,1,20), substr(v1.osuser,1,12),
    to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
    v1.status, v1.server, substr(v3.value,1,10), v2.value,
    substr(v1.machine,1,15), v1.terminal, v1.program
    from v$session v1, v$sesstat v2, v$parameter v3
    where v1.audsid = userenv('SESSIONID')
    and v2.sid = v1.sid
    and v2.statistic# = 3
    and v3.name = 'db_name' ;
    grant select on USER_SESSIONS to PUBLIC;
    create public synonym USER_SESSIONS for USER_SESSIONS;
    rem
    create or replace view DBA_SESSIONS
    (USERNAME, OS_USER, SID, SERIAL#, STATUS, SERVICE, DATABASE,
    CURSORS, MACHINE, TERMINAL, PROGRAM)
    as
    select substr(v1.username,1,20), substr(v1.osuser,1,12),
    to_char(v1.sid,'999'), to_char(v1.serial#,'999999'),
    v1.status, v1.server, substr(v3.value,1,10), v2.value,
    substr(v1.machine,1,15), v1.terminal, v1.program
    from v$session v1, v$sesstat v2, v$parameter v3
    where v1.username is not null
    and v2.sid = v1.sid
    and v2.statistic# = 3
    and v3.name = 'db_name' ;
    rem -------------------------------------------------------------------
    spool off;

  • How to trace other user's session?

    Dear Experts,
    I would like to trace other user's session, I am on Oracle 10g R2 (10.2.0.4) on a Windows box. I did search on google and found tons of articles explaining about tracing techniques. But unfortunately, trace file is not getting generated in my case. Below are the steps I am following:
    SQL> conn /as sysdba
    Connected.
    SQL>
    SQL> select sid, serial# from v$session where username = 'TEST';
           SID    SERIAL#
            38         17
    SQL> show parameter user_d
    NAME                                 TYPE        VALUE
    user_dump_dest                       string      C:\DB10G\UDUMP
    SQL> show parameter timed_s
    NAME                                 TYPE        VALUE
    timed_statistics                     boolean     TRUE
    SQL>Connect a new SQL*Plus session as TEST and then
    SQL> show user
    USER is "SYS"
    SQL>
    SQL> select sid, serial# from v$session where username = 'TEST';
           SID    SERIAL#
            19      24465
            38         17
    SQL> exec dbms_system.set_ev(38,17, 10046, 12, '');
    PL/SQL procedure successfully completed.
    SQL> exec dbms_system.set_ev(38,17, 10046, 0, '');
    PL/SQL procedure successfully completed.
    SQL> grant execute on dbms_system to test;
    Grant succeeded.
    SQL> exec dbms_system.set_ev(38,17, 10046, 12, '');
    PL/SQL procedure successfully completed.in the new session (TEST):
    SQL> select * from tab;
    TNAME                          TABTYPE  CLUSTERID
    T                              TABLE
    T3                             TABLE
    T1                             TABLE
    T2                             TABLE
    MYEMP                          TABLE
    SQL>Yet, no trace file is generated in "C:\db10g\udump" folder.
    C:\db10g\udump>dir
    Volume in drive C is SYSTEM
    Volume Serial Number is AC21-0462
    Directory of C:\db10g\udump
    12/15/2008  12:36 PM    <DIR>          .
    12/15/2008  12:36 PM    <DIR>          ..
                   0 File(s)              0 bytes
                   2 Dir(s)   9,891,508,224 bytes free
    C:\db10g\udump>Your help/advice in this regard will be very helpful.
    Regards

    You must be using shared server.
    You can verify this by referring to the SERVER column of v$session.
    In shared server several servers will execute your code, so that's why you don't find a trace file.
    The method described in this article should work in your case also:
    http://technology.amis.nl/blog/1794/how-to-trace-a-java-application-through-a-connection-pool-using-dbms_monitor-6
    Hth
    Sybrand Bakker
    Senior Oracle DBA

  • Remotely view web user's session

    Okay, we have web users doing stuff on a website we host & control. Sometimes web users have trouble using the web/site. So they call for support and help getting them through some process (like making a payment over the web).
    What the business wants (at an admin level) is the ability to see what the user sees. Not so much like Remote Desktop or whatever, but something non-obtrusive (no install to the client). The thought is currently that we could take the user's HttpSession object and expose it to an admin or support person, so that they can both go to the same page and see the same thing. This way, the admin can walk the user through the process quite smoothly.
    We are using WebSphere so we can share sessions accross WARs, but not sure about doing so accross EARs. So we can store the user's session in the database, but can we pull it out and use it?
    So how does this idea sound?
    Is there a better approach?
    Any major obvious gotchas?
    All ideas welcome!

    Here is some prototype code that I fixed up. It will store the last jsp or servlet that the user has viewed but not html pages. Still working on that:
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    public class MyServlet extends HttpServlet {
         public void init(ServletConfig config) throws ServletException {
              super.init(config);
          * Handles request posted by the client using "GET" method.
          * @param     request          Object containing HTTP request from the client.
          * @param     response     The response to be sent back to the client.
         public void doGet(HttpServletRequest request, HttpServletResponse response)
                   throws ServletException, IOException {
              doPost(request, response);
          * Handles request posted by the client using "POST" method.
          * @param     request          Object containing HTTP request from the client.
          * @param     response     The response to be sent back to the client.
        public void doPost(HttpServletRequest request, HttpServletResponse response)
                   throws ServletException, IOException {
            if (request.getParameter("fetchFile") != null) {
                if (request.getParameter("user") == null) {
                    response.getWriter().print("No USER ID Supplied for fetch");
                    return;
                System.out.println("Fetching file");
                File file = new File("c:/temp/" + request.getParameter("user"));
                FileReader fr = new FileReader(file);
                int EOF = 0;
                char[] cbuf = new char[1024];
                response.getWriter().print("THIS IS THE FETCHED FILE <BR>");
                while (fr.read(cbuf) != -1) {
                    response.getWriter().print(cbuf);
                response.getWriter().print("<br>END OF FETCHED FILE <BR>");
                return;
            ServletOutputStream sos = response.getOutputStream();
            sos.print("<html><head></head><body>");
            sos.print("<p>output printed to the servletoutput stream<P>");
            sos.print("</body></html>");
            sos.close();
    * MyFilter.java
    * Created on November 2, 2005, 11:13 AM
    package com.filter;
    import javax.servlet.http.*;
    import javax.servlet.*;
    import java.io.*;
    * @author  Tolmke
    public class MyFilter implements Filter {
        // The filter configuration object we are associated with.  If
        // this value is null, this filter instance is not currently
        // configured.
        private FilterConfig filterConfig = null;
        private static final boolean debug = false;
        private long start = 0;
        private long end = 0;
        public MyFilter() {
        private void doBeforeProcessing(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {
            if (debug) log("MyFilter:DoBeforeProcessing");
            System.out.print("In Filter  ");
            this.start = System.currentTimeMillis();
            System.out.println((new java.util.Date()).toString() +
                               " start request ");
        private void doAfterProcessing(ServletRequest request, ServletResponse response)
        throws IOException, ServletException {
            if (debug) log("MyFilter:DoAfterProcessing");
            System.out.println("Completion Time = " + (System.currentTimeMillis() - start));
         * @param request The servlet request we are processing
         * @param result The servlet response we are creating
         * @param chain The filter chain we are processing
         * @exception IOException if an input/output error occurs
         * @exception ServletException if a servlet error occurs
        public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain)
        throws IOException, ServletException {
            if (debug) log("MyFilter:doFilter()");
            doBeforeProcessing(request, response);
            Throwable problem = null;
            MyResponseWrapper wrapper = new MyResponseWrapper((HttpServletResponse)response);
            try {
                chain.doFilter(request, wrapper);
                if (wrapper.getMode() == 1) {
                    response.getOutputStream().println(wrapper.toString());
                    if (request.getParameter("user") != null) {
                        File file = new File("c:/temp/" + request.getParameter("user"));
                        BufferedWriter bw = new BufferedWriter(new FileWriter(file));
                        bw.write(wrapper.toString());
                        bw.close();
                } else if (wrapper.getMode() == 2) {
                    response.getOutputStream().write(wrapper.getData());
                    if (request.getParameter("user") != null) {               
                        File file = new File("c:/temp/" + request.getParameter("user"));
                        BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file));
                        bos.write(wrapper.getData());
                        bos.close();
                } else if (wrapper.getMode() == 0) {
                    System.out.println("DOING NOTHING");
            catch(Throwable t) {
                problem = t;
                t.printStackTrace();
            doAfterProcessing(request, response);
            // If there was a problem, we want to rethrow it if it is
            // a known type, otherwise log it.
            if (problem != null) {
                if (problem instanceof ServletException) throw (ServletException)problem;
                if (problem instanceof IOException) throw (IOException)problem;
                sendProcessingError(problem, response);
         * Return the filter configuration object for this filter.
        public FilterConfig getFilterConfig() {
            return (this.filterConfig);
         * Set the filter configuration object for this filter.
         * @param filterConfig The filter configuration object
        public void setFilterConfig(FilterConfig filterConfig) {
            this.filterConfig = filterConfig;
         * Destroy method for this filter
        public void destroy() {
         * Init method for this filter
        public void init(FilterConfig filterConfig) {
            this.filterConfig = filterConfig;
            if (filterConfig != null) {
                if (debug) {
                    log("MyFilter:Initializing filter");
         * Return a String representation of this object.
        public String toString() {
            if (filterConfig == null) return ("MyFilter()");
            StringBuffer sb = new StringBuffer("MyFilter(");
            sb.append(filterConfig);
            sb.append(")");
            return (sb.toString());
        private void sendProcessingError(Throwable t, ServletResponse response) {
            String stackTrace = getStackTrace(t);
            if(stackTrace != null && !stackTrace.equals("")) {
                try {
                    response.setContentType("text/html");
                    PrintStream ps = new PrintStream(response.getOutputStream());
                    PrintWriter pw = new PrintWriter(ps);
                    pw.print("<html>\n<head>\n</head>\n<body>\n"); //NOI18N
                    // PENDING! Localize this for next official release
                    pw.print("<h1>The resource did not process correctly</h1>\n<pre>\n");
                    pw.print(stackTrace);
                    pw.print("</pre></body>\n</html>"); //NOI18N
                    pw.close();
                    ps.close();
                    response.getOutputStream().close();;
                catch(Exception ex){ }
            else {
                try {
                    PrintStream ps = new PrintStream(response.getOutputStream());
                    t.printStackTrace(ps);
                    ps.close();
                    response.getOutputStream().close();;
                catch(Exception ex){ }
        public static String getStackTrace(Throwable t) {
            String stackTrace = null;
            try {
                StringWriter sw = new StringWriter();
                PrintWriter pw = new PrintWriter(sw);
                t.printStackTrace(pw);
                pw.close();
                sw.close();
                stackTrace = sw.getBuffer().toString();
            catch(Exception ex) {}
            return stackTrace;
        public void log(String msg) {
            filterConfig.getServletContext().log(msg);
    * CharResponseWrapper.java
    * Created on November 2, 2005, 11:09 AM
    package com.filter;
    import javax.servlet.http.*;
    import javax.servlet.*;
    import java.io.*;
    * @author  Tolmke
    public class MyResponseWrapper extends HttpServletResponseWrapper {
       private CharArrayWriter myOut = new CharArrayWriter();
       private FilterServletOutputStream fos = new FilterServletOutputStream();
       private int mode;
       private int contentLength;   
       private String contentType;  
       public String toString() {
          return myOut.toString();
       public MyResponseWrapper(HttpServletResponse response){
          super(response);
          this.myOut = new CharArrayWriter();
       public PrintWriter getWriter(){
           this.setMode(1);
           return new PrintWriter(this.myOut);
      public ServletOutputStream getOutputStream()
                                        throws java.io.IOException {
           this.setMode(2);                                       
           return this.fos;
       public byte[] getData() {
           return this.fos.getData();
        public void setContentType(String type) {       
            this.contentType = type;       
            super.setContentType(type);   
        public String getContentType() {       
            return this.contentType;   
        public int getContentLength() {       
            return contentLength;   
        public void setContentLength(int length) {       
            this.contentLength=length;       
            super.setContentLength(length);   
        public int getMode() {       
            return mode;   
        public void setMode(int mode) {       
            this.mode = mode;           
    * FilterServletOutputStream.java
    * Created on November 2, 2005, 11:34 AM
    package com.filter;
    import javax.servlet.*;
    import java.io.*;
    * @author  Tolmke
    public class FilterServletOutputStream extends ServletOutputStream {
        private ByteArrayOutputStream baos;
        public FilterServletOutputStream() {
            baos = new ByteArrayOutputStream();
        public byte[] getData() {
            return baos.toByteArray();
        public void write(int b) throws IOException { 
            baos.write(b);   
        public void write(byte[] b) throws IOException {       
            baos.write(b);   
        public void write(byte[] b, int off, int len) throws IOException {   
            baos.write(b, off, len);   
        public void print(String s)
            throws IOException
            if(s == null)
                s = "null";
            int len = s.length();
            for(int i = 0; i < len; i++)
                char c = s.charAt(i);
                if((c & 0xff00) != 0)
                    String errMsg = "err.not_iso8859_1";
                    Object errArgs[] = new Object[1];
                    errArgs[0] = new Character(c);
                    throw new CharConversionException(errMsg);
                this.write(c);
       

  • How to view Logged in User's sessions

    Dear Portal gurus,
    Pls let me know how I can view logged in user's session s.
    Thanks.
    Jack

    Hi Jack,
      I haven't checked yet but found this doc. Check if helps.
    User Overview;
    http://help.sap.com/saphelp_nw04/helpdata/en/20/b7ced1025f3245b43d23184fc0212f/content.htm
    Managing Login sessions:
    http://help.sap.com/saphelp_nw04/helpdata/en/7e/aa610cc1dd8f4388b1df02fc362f0f/content.htm
    Monitoring and Logging of User Information:
    http://help.sap.com/saphelp_nw04/helpdata/en/f2/6a82270fd99844a65085bd90022fab/content.htm
    Don't forget to reward points if helped.
    Regards,
    Harini S

  • Question about redirecting user when session expires

    I have several pages that get and post variables sent to
    them. Is it possible to retain these values when the user's session
    expires? I want to be able to have the user re-log into the system
    and then have them redirected back to the page they were just on
    and preserver the get and post variables so that the data on the
    page can be rendered back to them

    is there anyway to manipulate the headers and store the
    information there and still have it accessible if the session were
    to time out?

  • GETTIN USER ID SESSION  AND CLEARING IT IN LOGOUT

    Hi
    i ve a action class in which i ve put in the user id in session .
    but for logout i dont ve session.. and
    i ve 3-4 pages (ie) the main page is admin.do but when i do..
    http://....... admin.do it opens and also when i try to do
    http://......xyz.do
    the page opens
    the page should not open when i do xyz.do
    if some1 does xyz.do then it should be redirected to login page(ie) admin.do
    i tried to do
    getRequest().getSession().getAttribute("userId", userInfo.getUserId() );in my xyz.do action class
    but i am not able to go get Attribute.. i get an error saying
    error msg
    The method getAttribute(String) in the type HttpSession is not applicable for the arguments
    (String, String)any suggestions?
    thankx

    this error means that you work this method in a wrong way.
    this method wants only one input(as a String).not two.
    this method works like the HashMap class get(Object key).
    i mean that you have one key for each value is saved in HttpSession.
    take a look at this code below,maybe will understand better what I'm trying to say.
    this code is from the book:
    "advanced java 2 platform,how to program"(this book is really very good).
    Informations are in www.deitel.com.
    now available this one:"Java How to Program, 7/e"
    1 // Fig. 9.24: SessionServlet.java
    2 // Using HttpSession to maintain client state information.
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    import java.util.*;
    9
    10 public class SessionServlet extends HttpServlet {
    11 private final Map books = new HashMap();
    12
    13 // initialize Map books
    14 public void init()
    15 {
    16 books.put( "C", "0130895725" );
    17 books.put( "C++", "0130895717" );
    18 books.put( "Java", "0130125075" );
    19 books.put( "VB6", "0134569555" );
    20 }
    21
    22 // receive language selection and create HttpSession object
    23 // containing recommended book for the client
    24 protected void doPost( HttpServletRequest request,
    25 HttpServletResponse response )
    26 throws ServletException, IOException
    27 {
    28 String language = request.getParameter( "language" );
    29
    30 // Get the user's session object.
    31 // Create a session (true) if one does not exist.
    32 HttpSession session = request.getSession( true );
    33
    34 // add a value for user's choice to session
    35 session.setAttribute( language, books.get( language ) );
    36
    37 response.setContentType( "text/html" );
    38 PrintWriter out = response.getWriter();
    39
    40 // send XHTML page to client
    41
    42 // start XHTML document
    43 out.println( "<?xml version = \"1.0\"?>" );
    44
    45 out.println( "<!DOCTYPE html PUBLIC \"-//W3C//DTD " +
    46 "XHTML 1.0 Strict//EN\" \"http://www.w3.org" +
    47 "/TR/xhtml1/DTD/xhtml1-strict.dtd\">" );
    48
    49 out.println(
    50 "<html xmlns = \"http://www.w3.org/1999/xhtml\">" );
    51
    52 // head section of document
    53 out.println( "<head>" );
    54 out.println( "<title>Welcome to Sessions</title>" );
    55 out.println( "</head>" );
    56
    57 // body section of document
    58 out.println( "<body>" );
    59 out.println( "<p>Welcome to Sessions! You selected " +
    60 language + ".</p>" );
    61
    62 // display information about the session
    63 out.println( "<p>Your unique session ID is: " +
    64 session.getId() + "<br />" );
    65
    66 out.println(
    67 "This " + ( session.isNew() ? "is" : "is not" ) +
    68 " a new session<br />" );
    69
    70 out.println( "The session was created at: " +
    71 new Date( session.getCreationTime() ) + "<br />" );
    72
    73 out.println( "You last accessed the session at: " +
    74 new Date( session.getLastAccessedTime() ) + "<br />" );
    75
    76 out.println( "The maximum inactive interval is: " +
    77 session.getMaxInactiveInterval() + " seconds</p>" );
    78
    79 out.println( "<p><a href = " +
    80 "\"servlets/SessionSelectLanguage.html\">" +
    81 "Click here to choose another language</a></p>" );
    82
    83 out.println( "<p><a href = \"sessions\">" +
    84 "Click here to get book recommendations</a></p>" );
    85 out.println( "</body>" );
    86
    87 // end XHTML document
    88 out.println( "</html>" );
    89 out.close(); // close stream
    90 }
    91
    92 // read session attributes and create XHTML document
    93 // containing recommended books
    94 protected void doGet( HttpServletRequest request,
    95 HttpServletResponse response )
    96 throws ServletException, IOException
    97 {
    98 // Get the user's session object.
    99 // Do not create a session (false) if one does not exist.
    100 HttpSession session = request.getSession( false );
    101
    102 // get names of session object's values
    103 Enumeration valueNames;
    104
    105 if ( session != null )
    106 valueNames = session.getAttributeNames();
    107 else
    108 valueNames = null;
    109
    110 PrintWriter out = response.getWriter();
    111 response.setContentType( "text/html" );
    112
    113 // start XHTML document
    114 out.println( "<?xml version = \"1.0\"?>" );
    115
    116 out.println( "<!DOCTYPE html PUBLIC \"-//W3C//DTD " +
    117 "XHTML 1.0 Strict//EN\" \"http://www.w3.org" +
    118 "/TR/xhtml1/DTD/xhtml1-strict.dtd\">" );
    119
    120 out.println(
    121 "<html xmlns = \"http://www.w3.org/1999/xhtml\">" );
    122
    123 // head section of document
    124 out.println( "<head>" );
    125 out.println( "<title>Recommendations</title>" );
    126 out.println( "</head>" );
    127
    128 // body section of document
    129 out.println( "<body>" );
    130
    131 if ( valueNames != null &&
    132 valueNames.hasMoreElements() ) {
    133 out.println( "<h1>Recommendations</h1>" );
    134 out.println( "<p>" );
    135
    136 String name, value;
    137
    138 // get value for each name in valueNames
    139 while ( valueNames.hasMoreElements() ) {
    140 name = valueNames.nextElement().toString();
    141 value = session.getAttribute( name ).toString();
    142
    143 out.println( name + " How to Program. " +
    144 "ISBN#: " + value + "<br />" );
    145 }
    146
    147 out.println( "</p>" );
    148 }
    149 else {
    150 out.println( "<h1>No Recommendations</h1>" );
    151 out.println( "<p>You did not select a language.</p>" );
    152 }
    153
    154 out.println( "</body>" );
    155
    156 // end XHTML document
    157 out.println( "</html>" );
    158 out.close(); // close stream
    159 }
    160 }

  • Kill user's session via ABAP (like in SM04)

    Does anybody knows is it possible to kill user's session via ABAP? Not all session like via  TH_DELETE_USER, but selectively, session by session.
    Maybe someone know how to trace which logic works when we press "Close session" button in SM04?

    Hi Michael,
    below a snippet to retrieve the sessions and a way to delete a TID.
    Maybe it come in handy for your requirement.
    Best,
    Sander
    INCLUDE tskhincl.
       DATA lt_userlist TYPE STANDARD TABLE OF uinfo.
       DATA ls_userlist TYPE uinfo.
    CALL 'ThUsrInfo' ID 'OPCODE' FIELD opcode_list
             ID 'TABUSR' FIELD lt_userlist .
    CALL 'ThUsrInfo' ID 'OPCODE' FIELD opcode_delete_usr
         ID 'TID' FIELD ls_userlist-tid.

  • Disable user and session tracking?

    Hi there?
    We would like to use Application Insights for everything except user and session tracking.
    How can i disable these features in AI (we may not use cookies in our site)?
    My guess is to change the applicationinsights.config file as below. Is there any documentation about the configuration file, right now im only guessing...
    Cheers
    /Niclas
    <?xml version="1.0" encoding="utf-8"?>
    <ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings" schemaVersion="2014-05-30">
    <!--
    Learn more about Application Insights configuration with ApplicationInsights.config here:
    http://go.microsoft.com/fwlink/?LinkID=513840
    -->
    <TelemetryModules>
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Implementation.Tracing.DiagnosticsTelemetryModule, Microsoft.ApplicationInsights" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.RuntimeTelemetry.RemoteDependencyModule, Microsoft.ApplicationInsights.Extensibility.RuntimeTelemetry" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCollector.PerformanceCollectorModule, Microsoft.ApplicationInsights.Extensibility.PerfCollector" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.WebApplicationLifecycleModule, Microsoft.ApplicationInsights.Extensibility.Web" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebRequestTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebExceptionTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />
    <!-- <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebSessionTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebUserTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" /> -->
    </TelemetryModules>
    <ContextInitializers>
    <Add Type="Microsoft.ApplicationInsights.Extensibility.BuildInfoConfigComponentVersionContextInitializer, Microsoft.ApplicationInsights" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.DeviceContextInitializer, Microsoft.ApplicationInsights" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.MachineNameContextInitializer, Microsoft.ApplicationInsights" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.AzureRoleEnvironmentContextInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
    </ContextInitializers>
    <TelemetryInitializers>
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebOperationNameTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebOperationIdTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebUserTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.TelemetryInitializers.WebSessionTelemetryInitializer, Microsoft.ApplicationInsights.Extensibility.Web" />
    </TelemetryInitializers>
    </ApplicationInsights>

    I'm not sure if we have a documentation about this somewhere yet. But your guess was right. You can remove 2 modules and AI will not read and set cookies.
    Another option is to disable cookie setting but not reading. You would want this if you have JS SDK that sets cookies and you want Web SDK to read it and apply to server telemetry types.
    <Add Type="Microsoft.ApplicationInsights.Extensibility.Web.RequestTracking.TelemetryModules.WebSessionTrackingTelemetryModule, Microsoft.ApplicationInsights.Extensibility.Web" >
    <SetCookie>false</SetCookie>
    </Add>
    There are also 2 telemetry initializers for user and session. They take session and user from RequestTelemetry that was created by WebSdk and initialized in that modules and apply same session to other telemetry types like events and exceptions. If you cut
    modules you can cut telemetry initializers as well.
    Anastasia

  • VZ access manager is already running in another user's session

    Help! My parents currently use an USB Modem - I think the 551 L - for their internet access. They have been receiving the following message:
    VZ access manager is already running in another user's session
    They do not have a wireless router installed.
    Help please!

    VZAccess can only connect one user/session at a time.  Either your parents did not properly shutdown VZA the last time they used it or the USB Modem is not hanging up its previous connection.
    The easiest thing to do would be to reinstall VZA on that computer and see if the problem goes away.  Ask your parents to disconnect the Modem before logging off or shutting down the computer to reduce the chance of the problem coming back.

  • Portal WebService User Authentification error

    Hello all,
    I created a portal webservice similar to the one described in tutorial "Creating a Web Service in Enterprise Portal 6.0".
    When I tried to test it in Enterprise Portal Web Services Checker I got the error below:
    <b>The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.ContentService or the service was not found.</b>
    I already added group Everyone to my service in Portal Permissions and it still does not work.
    I read weblogs below but none helped me:
    1 - Unable to access portal service from web service..........urgent
    2 - IllegalAccessError when calling a WebService
    I checked the proxy settings and it seems to be ok.
    Does anyone have another suggestion?
    Regards,
    Mauricio

    I found the reason.
    I did not check End User checkbox for the Everyone group we inserted into Permissions of the Web Service.
    Regards,
    Mauricio

  • KM Navigation - user authentification

    Good morning,
    When the user visualize documents, in some occasions appeard pop-up of user authentification appears, although to cancel opens  the document. 
    Why does it request validation? 
    thankss, regards,
    Mercedes

    Hi Mercedes,
    Please refer to this Weblog.
    /people/john.mittendorf/blog/2005/07/29/disabling-secondary-popup-when-accessing-office-2003-documents-through-km
    It explains the cause of the secondary user authentication popup along with the solution for the same.
    All the best!
    Warm Regards,
    Ritu R Hunjan

Maybe you are looking for

  • Has anyone used BBP_CT_UPD_SCHEMA_MAPPING succesfully?

    Hello All, I was trying to programmatically load/update external category mappings using BADIs like BBP_CT_UPD_SCHEMA_MAPPING.  Has anyone done this sucessfully?  If so, can you provide sample code? Thanks in advance for any assitance. Regards, Dean.

  • Is it possible to do In Line RegEx

    I know this is probably not possible, but want to throw it out there to see if anyone was able to accomplish this. I am writing automation scripts to add users to different AD Groups and SCCM User Collections. The command I am having an issue with in

  • Client Copy on SAP NetWeaver ABAP Trial

    Hi all, I've installed the ABAP trial from SDN and it works fine. In my leisure time I want to get some basis know-how. I bought the great book from Frank Föse, Sigrid Hagemann and Liane will about the system administration of an ABAP system. Now I w

  • How to upgrade java version

    We are at J2SDk14209. We want to upgrade to the latest j2sdk14212. what needs to be done on XI side? Thanks, Bhaskar

  • Changing Natural Account Type

    Dear Experts, in One of our Implementation we taken one account as Asset Type but that should be expense Type, and We recorded some transactions on it, Later we realized the same, Now what process we have to follow to correct that account type from A