User sessions in a jsp

Hi,
The problem is : I have a few links within a document which take me to login page of my application. When I click on each of these links, a separate browser window is opened. I want the link to be opened in the same window if the user is logged in previously and I am using a jsp to process login when the user clicks on the link. Im sure we cannot get the session information of a user who has already logged in as this would violate security. Any ideas about this ?

Use the built-in session management. Make sure you encode your URLs so that URL rewriting can be used if the browser does not support cookies. See the servlet spec if you need more details.

Similar Messages

How to Handle user Session in JSP

Help me,
How to handle user session in JSP.......

Prakash_Pune wrote:
tell me some Debugging tech. so i can overcome from my problem.....Do you use an IDE? Any IDE ships with a decent debugger where in you can just execute the code step by step, explore the current variable values and check what exactly is happening. For example Eclipse or IntelliJ. If you don´t use an IDE, then just place some System.out.println() or Logger.debug() statements at strategic locations printing the variables of relevance so that you can track in logs what exactly is happening.
or tell any other way to find is my page is thread safe or not...Just write correct code and narrow the scope of the variables as much as possible. If you for example assigned the user object to a static variable or as a servlet´s instance variable, then exactly the same user object would be used everywhere in the application. That kind of logical things.

Implementing session timeout in JSP - - Urgent help !

Hi
I have a requirement where I need to write a session timeout functionality in a JSP such that the page is redirected to a different page if there is no activity for 5 min.
I tried the following :
1.On the onload of my JSP, i created a new session from the current request using the following code snippet :
          HttpSession pSession = request.getSession(true);
          pSession.setAttribute("loggedin","true");
          pSession.setMaxInactiveInterval(10);
2. Then on any action performed on the JSP, i called the collowing JS function before invoking the server side code.
/** function to check the user session **/
function fnChkSession()
     alert('Inside check session');
     <%
          try
               System.out.println("The value of the session var loggedin : "+pSession.getAttribute("loggedin").toString());
               System.out.println(" getMaxInactiveInterval() value is : "+pSession.getMaxInactiveInterval());
          catch (Exception e)
               System.out.println("** Inside the fnChkSession exception catch block **");
          if (pSession.getValue("loggedin") == null)
     %>
          alert('Session has expired');
          document.forms[0].submit();
     <% } %>
But when I execute this code ,even after 10 secs my session seems to be alive.I can retrieve the session attribute after 10s.
I also tried setting the session-timeout value in the web.xml. It didnt work.
Can anyone pls help me on how to proceed further on this.
Thanks
Arun B

You are confusing java with javascript.
These two things are not the same.
The lifecycle goes something like this
1 - Request is made to server
2 - Java/JSP runs java code, produces HTML page
3 - java stops running
4 - html is sent to browser, and javascript starts running.
You cannot call java code from browser events (such as onload, onclick, onchange...) The only way to run java code again is to submit a request (normally by submitting a form, or clicking a link. )
If you want a javascript solution, in IE, use the window.setTimeout() method to execute some javascript code after a certain period of time.
A more generic approach would be to use the refresh header. Set the timeout for the refresh header to be 300 seconds. If the user stays on the same page for more than 5 minutes, it will redirect to the new page.
Hope this helps,
evnafets

How to use session object in jsp

hi all
marry christmas
can anyone plz tell me how to use session obect in jsp
rachna
Message was edited by:
rachna_arora82

hi rachna,
JSP has a default(implicit) session object...... use the getSession(true) method on the session object and then going u can either get or set attributes depending on the requirement
That was in general and now with the issue u have got..... what u can do is that the u can create session for every user who logs in and when he/she tries to login again then u can probably check for the existing session object in the JSP and perform the logic as required..... any clarifications plzzzzzzz let me know
Thanks n Regards
Naveen M
Message was edited by:
Novice_inJAVA
Message was edited by:
Novice_inJAVA

Session problem in JSP portlet

Hi,
I have a jsp portlet. In this jsp i am creating a session and i am putting some value in session. There is navigation from this jsp to second jsp(not portlet) and from this jsp to third jsp(again this is also not a portlet). Now in third jsp i am trying to retrieve the value from session. But i am getting null value.
In provider i given <session>true</session> element. While registering provider with portal given login frequency 'once per user session'.
The code in first jsp is:
PortletRenderRequest portletRequest = (PortletRenderRequest) request.getAttribute(HttpProvider.PORTLET_RENDER_REQUEST);
ProviderSession mySession = portletRequest.getSession();
if(mySession != null){
mySession.putValue(PortletRendererUtil.portletParameter(portletRequest.getPortletReference(), "const"), str);
From the code i found that the session itself is not created.
Sorry for the lengthy question.
Pls. help me.
Rgds,
CRM.
null

To share a session between a web provider and other JSPs or Servlets, you need to make sure the "Same Cookie Domain" checkbox is checked AND your session cookie is scoped to a common domain (eg us.oracle.com)
See documents on session handling and Integrating Password Protected Applications into Oracle Portal - downloadable from portalstudio.oracle.com.
review the section on "deep links" in the second article.

Problem in implements ADF Faces: Detecting and handling user session expiry

Hello everybody
I´m trying to implement a method to handle user session expiry as explained by frank nimphius in his blog.
http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
I have implemented the class bellow and add the filters in web.xml. However when I add the JavaServer Faces Servlet to sign the filter, my hole application get nuts. I try to publish the applicatoin in the OAS and it seems that it already starts expired.
Someone konw what I´m doing wrong?
I use the filter
<filter>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<filter-class>adf.sample.ApplicationSessionExpiryFilter</filter-class>
<init-param>
<param-name>SessionTimeoutRedirect</param-name>
<param-value>SessionExpired.jspx</param-value>
</init-param>
</filter>
then I add
XML:
<filter-mapping>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
package adf.sample;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
this is the class
public class ApplicationSessionExpiryFilter implements Filter {
private FilterConfig _filterConfig = null;
public void init(FilterConfig filterConfig) throws ServletException {
_filterConfig = filterConfig;
public void destroy() {
_filterConfig = null;
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String requestedSession = ((HttpServletRequest)request).getRequestedSessionId();
String currentWebSession = ((HttpServletRequest)request).getSession().getId();
boolean sessionOk = currentWebSession.equalsIgnoreCase(requestedSession);
// if the requested session is null then this is the first application
// request and "false" is acceptable
if (!sessionOk && requestedSession != null){
// the session has expired or renewed. Redirect request
((HttpServletResponse) response).sendRedirect(_filterConfig.getInitParameter("SessionTimeoutRedirect"));
else{
chain.doFilter(request, response);
I'm really having trouble controlling user sessions. if someone know where I can get materials to learn how to implements session in Jdev ADF + BC, I´m very grateful.
Thank you Marnie

The class works fine.. the issue is when I add the this code into web.xml
<filter-mapping>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
bellow the web.xml
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app>
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>CpxFileName</param-name>
<param-value>userinterface.DataBindings</param-value>
</context-param>
<filter>
<filter-name>ApplicationSessionExpiryFilter</filter-name>
<filter-class>view.managedBean.ApplicationSessionExpiryFilter</filter-class>
</filter>
<filter>
<filter-name>adfFaces</filter-name>
<filter-class>oracle.adf.view.faces.webapp.AdfFacesFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ApplicationSessionExpiryFilter</filter-name> ==> the problem occurs when I try to add this code
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>adfFaces</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<url-pattern>*.jspx</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/pain</mime-type>
</mime-mapping>
</web-app>
By the way, how can I post code on the forum properly?

Calling Session Beans in JSP ?

Hi Folks,
I am new to EJB3, I am doing simple applicatuions.
Can any one please tell me how to call session beans in jsp page.
for example my case is.. iam entering two diffrent data, lets say user name and password in jsp page and this should go in data base thru JPA (entity beans)
Iam able to enter data from JPA in data base but if the same i have to fetch from JSP page.. iam not getting..!
I would really appretiate for your help i need it urgent...!
thanks in advance.

abishek1983 wrote:
Hi Folks,
I am new to EJB3, I am doing simple applicatuions.
Can any one please tell me how to call session beans in jsp page.
Not. You can, technically, but you shouldn't. JSP should be for display purposes only, containing no Java code whatsoever.
for example my case is.. iam entering two diffrent data,Wrong. You cannot possibly have "2 data", the very concept is impossible.
You can have "2 data items" which is probably what you intended to say?
lets say user name and password in jsp page and this should go in data base thru JPA (entity beans)
Iam able to enter data from JPA in data base but if the same i have to fetch from JSP page.. iam not getting..!
Same way you insert them. Of course JPA entities are distinctly different from entity beans. The very concept of entity beans no longer exists in the context of JPA, it's solely used to mean EJB 2.1 or earlier entity beans.
I would really appretiate for your help i need it urgent...!
It's not urgent.

html:select : put each collection of country names in each user session?

Hi,
I have different <html:select> elements in my JSP. The options are filled with collections (country list, city list...).
What is the best way to do for country for example? To retrieve all the country name from the database, put it in a arrayList for EACH user session. Or, put it in an application element?

If it's not going to change for users, I'd store it in the application scope. No point to having multiple copies of the same information.

Session Maintenance in JSp-- Servlet-- JSP

Iam making a browser based Financial Aplication so I want to introduce sessions into it.
My First page is a JSP which takes username and Password. Then it calls a servlet.
So my Problems are-
1. Iam able to start session from servlet (which validates username and password) but after that in the apllication some JSp's are there like for search options so how to maintain sessions in JSP's ?
2. When user quits browser and then opening a browser and directly types a JSP page which is in-between the flow this JSP opens up whereas i want the user to go from starting as its a security loop hole.
So how to maintain a session in a JSP (ie when control passes from Servlet to JSP at that time)?
Plz Help me
Thanks in advance

Hi Innova,
There is a solution .I think while validating the login page entries u should maintain a session variable and give it some constant value if the entered values are valid.And now u should always check this sesson variable for that constant value [ if(session.getParameter("s")==constvalue) ] only then u proceed further else diaplay an error message or link prompting to login
I hope it will work fine check it out.
GoodLuck.
Bye......

IdM Anonymous user sessions for password resets

I am currently working on an update to a self service password reset customization through the IdM anonymous user interface. I am having issues with SIM not closing the anonymous sessions, once a user attempts an anonymous reset. Anytime one of the idm/user/anon****.jsp pages are accessed SIM logs in as the "Reset" user, so then any user that tries to go back to update their challenge questions, gets "...view acess denied to subject Reset...", as if SIM doesn't relize they are back in their user session. Question:
1. If I use any anon***.jsp pages for any process/workflow launches, for self service, must I handle the logoff of that anonymous session? Currently it looks like a custom logoff and redirect is working, but I was wondering if this is the preferred way to approach this?

Yes, solved a long time ago but yes, I did find a fix for this. Turns out we had multiple issues but did work through them.
First, make sure the LDAP user is NOT Directory Manager or Admin or ANY other ID used for multiple purposes such as a privileged user that also makes changes via other tools. I created a new user in LDAP only for IDM purposes and give it the permissions needed: uid=idmsync,..... The permissions we gave were in essence the same as Directory manager as IDM is used in our case to manage LDAP as well.
Then add in the listening resource to exclude any changes from the uid=idmsync user.
In the changelog stream then all changes by IDM come down as idmsync. But other changes will come through as directory manager or someone else. But by filtering idmsync changes you prevent an infinite loop. eg. IDM sets LDAP generates change to IDM sets LDAP generates change to IDM... However other user changes will be processed without the infinite looping.
From an efficiency perspective, we also spent time refining the active sync forms. But all worked well by production turnover, which was well over a year ago.

Query for Last page visit by user/session and get version # of current page

Hi Guru's,
Any have a query to retrive last page visited by user / session? Somewhere from apex view fir 3.0 or later version? Also looking for query to get version number of current page

RequestCtx.getResponsibilityId() should return you the Responsibility Id &
RequestCtx.getUserId() should return the User Id.
As I understand RequestCtx values are always available in the JSP Page. Kindly check again.

How to retrieve User Session in Xcelsius 2008

Hi
I am currently building dashboards with some securities on display. The dashboards have to show different views (e.g. Manager view with full access of data and Employee view with partial access of data) for different users, and I expect to get the user information (particularly user name) from the BO user session for making the security decision.
I can successfully retrieve the user session from Dashboard [url button] to JSP using openDocument (by looking at the cookies), but it seems that I have no way to import the data back to the Dashboard. When I am using Data Manager > XML Data (With XML datasource is a JSP file), it seems the user session cannot be retrieved.
So, my question is, how to retrieve the user Name in Xcelsius 2008 ?
Any help is greatly appreciated.

Hi,
we did also some research activities about Xcelsius. We are passing the user name to the Xcelsius via Webservice. Based on the portal integration, you do not have to care about the authentication to the Webservice. This does the Enterprise Portal for you. For the integration, we are currently using a BSP solution. In this way, you can get the user name very simple:
sy-uname
You can put into the Webservice or provide it as Flash Variable to the Xcelsius in the <OBJECT> tag.
Take care,
Thomas

My User session doesn't open, help me plz

This morning when I open it, I want enter in my user session so I enter my password and i'm wait.. but after 5 mins my session doesn't open and the loading bar is blocked on 1/3 of it. I search a solution since 11am and I doesn't find a solution for my problem. I make a demand at apple to call me tomorrow morning but I'm desperate with this problem. Who can help me with? I don't know why this occurrence appeared because yesterday when I close it, all was ok. The only thing which was new on my Mac when I close it its my MacKeeper Premium. I bought a licence of 24 months. I make a anylise before close and nothing is detected.
I test Reinstal OS X but they say than my Disk is blocked with a password, when a enter my password they says is doesnt good password but i know that is good because I enter the same passwords every where when a configure my Macbook Pro.
Im not sur if I enter good operating system and I don't know how check that because I dont have a acces on my finder.
I'm a beginner with Mac system

You need to create a JSP report from JDev's new object gallery from 'File -> new... -> Reports Objects', so that the project settings can be prepared to run JSP report.
If you want to run JSP report on a standalone Reports server, put 'server=<server_name>' in 'parameters' attribute of <rw:report> JSP tag.
You can also use rwservlet's in-process Reports server, by not specifying 'server=...' in 'parameters' attribute. No standalone Reports server is needed. Make sure JVM is set to'hotspot' in JDev's project settings -> runner.
When running JSP in JDev, it uses JDev's embedded oc4j web server.
Regards,

How to know if user (session) is authenticated in other application (SSO)

Hi folks!
We've deployed various J2EE applications in some OC4J instances. So far the applications used SSO Authentication against OiD (LDAP), but we need a public access application.
The problem is the following: we need a different behaviour in this last application (without authentication characteristics) depending on one user is authenticated within other application that required SSO login.
How could check if current user (session) si authenticated against SSO, for example, in ADF-STRUTS DataAction class?
We tested the gerRemoteUser() method but is only works within the applications requering login.
Please, anyone could guide me?
Mike
Thanks!

Hi,
Oracle AS Single Sign ON stores some of the attributes of an authenticated user in a browser cookie - the name of the Cookie is SSO_ID.
You cannot get any information from this Cookie. The Cookie is avaliable only to the Oracle AS Single Sign ON and is meant to be used only by it. You cannot read any useful information from the Cookie as it is higly encrypted.
If you need to know the name of the currently logged in user, your application should be a Partner Application or an External Applciation to Oracle AS Single Sign On.
The reason is simple - you can use your browser to connect to many Websites protected by Oracle AS Single Sign ON. Thus, if your application isn't a Partner or an External Application registered with SSO, your application can't establish a context.
Hence, your application needs to be registered as a Partner Application or an External Application with SSO.
An application which is nto registered with SSO cannot get the User information from SSO. The getRemoteUser() method would always return a null in such cases.
Regards,
Sandeep

Daily report for user sessions in oracle10g database

I would like to genarate the daily report for user sessions in oracle10g database
daily report of how many of sessions present in oracle database for each user

Thanks for link ( I know you always post the oracle document link here)
But I am expecting scripts( someting like logon trigger and logg off trigger) to genarate the user session report.

User sessions in a jsp

Similar Messages

Maybe you are looking for