Validity of session

Hi All,
I am using servlet as controller and jsp to display the information. In servlet, I am checking the validity of the session and getting the variable information which I stored in the session and calls JSP page. Do I need to check the validity of session in JSP page also?
Thanks,
-Vijay

vijay
if u are using the session variable in the jsp page u need to check whether the session exists in the jsp page
or else u need not
surya

Similar Messages

APEX to EBS(R12.1.3) integration, Error while validating ICX session

Hi,
We have successfully integrated APEX page into EBS, i.e. we are able to invoke the APEX page from EBS Responsibility/Menu.
for APEX integration, we have installed APEX on separate OHS on the same server as EBS (and same domain) and in the Form Function HTML call we are using "GWY.jsp?targetAppType=APEX&p=160:10::" to invoke the APEX page.
Issue is, the APEX page displays error "ORA-06502: PL/SQL: numeric or value error: character string buffer too small", which we are not able to capture or supress.
but the page functions as expected and insert/update of tables working fine, in short everything is as expected except that error message.
In Before Header we are calling a custom procedure, which invokes "wfa_sec.getsession( l_username);" to validate the ICX session, this is raising the error.
when i try call "ICX_SEC.getsessioncookie" before the above procedure, it returns valid Session ID and call to "ICX_SEC.check_session" returns VALID; i am not sure why it is throwing error to validate an available Valid session?
All we want is to use the same ICX session in APEX page without need to pass the User name/password or re-login in APEX or set the User/Responsibility context again.
any help would be appriciated.
Rgds,
-Kamal
Edited by: Kamal on 30-Oct-2012 01:11

Try changing your target to:
GWY.jsp?targetAppType=APEX&p=160:10:::Yeswhich will enable debugging when launched.
Are you selecting information from icx_sessions into some variables (user_id, responsibility_id etc) for use in the VPD?
There isn't really any need to "wfa_sec.getsession( l_username);" - the following query should give you everything you need for an EBS context:
SELECT s.user_id,
        s.responsibility_id,
        s.responsibility_application_id,
        s.security_group_id,
        u.user_name
FROM icx_sessions s,
        fnd_user u
WHERE u.user_id = s.user_id
    AND s.session_id = icx_sec.getsessioncookie
    AND s.last_connect + NUMTODSINTERVAL( time_out, 'MINUTE') > SYSDATE;Select those into some protected application variables and then use fnd_global.apps_initialize() in the "initialization pl/sql code" section of APEX (VPD).
Then if you need anything in your application, you can use the variables in fnd_global (or the application items of course).

Is a Servlet-Filter which serializes requests in the same user session ok?

The Servelt specification states that the Web-Application is itself responsible for synchronizing access to HttpSessions. It is from the serversite not possible to prevent multiple threads to access the same HttpSession (i.e. the user could always open a second window, retransmit a form etc). My assumption is that while this does not happen often it can happen and therefore I think each access to the HttpSession must be synchronized. For a further discussion see http://forum.java.sun.com/thread.jsp?forum=4&thread=169872 .
Concurrent programming is generally complicated and errorprone. At least in developing JSPs it is inconvenient and easy to forget. My Web-App uses often HttpSession and it can be used in different not predefined places, so I had the idea to implement a ServletFilter which serializes threads which happen in the same session. This involves certainly some overhead. However for the advantages of easier code maintains and higher consistency I am ready to pay this overhead.
My question is generally what you think of this approach and second whether the way I implemented the Filter works.
The Filter actually generates for each Request an HttpServletRequestWrapper which intercepts calls to getSession and on call aquires a Lock so that other threads have to wait for the same Session. The lock is released when the doFilter method of the Filter returns. So threads run concurrently until the first access to the Session and from there they are serialized until the end of the Request.
For the details I will give the code for the Filter and the Wrapper (that?s all the code needed except the ReentrantLock which is Doug Lea?s implementation http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html )
the Filter
public class SessionThreadFilter implements Filter
public static final String MUTEXT_IN_SESSION_KEY = "org.jaul.filter.SessionThreadFilter.MUTEX";
//constructor, init, destroy methods do nothing
public void doFilter(ServletRequest reqIn,ServletResponse res,FilterChain filterChain)
    throws IOException, ServletException
    //if req not instanceof of HttpRequest don't do anything
    if (!(reqIn instanceof HttpServletRequest))
      filterChain.doFilter(reqIn, res);
    } else
      HttpServletRequest req = (HttpServletRequest) reqIn;
      //We use a HttpRequestWrapper each time a user accesses
      //through this
      //Wrapper a Session is Lock is aquired. The filter method returns
      //the lock if it exists is released
      //each thread needs it's own wrapper so the wrapper itself
      //doesn't have to be synchronized
      SessionThreadRequestWrapper wrapper = new SessionThreadRequestWrapper(req);
      try{
        filterChain.doFilter(wrapper, res);
      }finally{
        ReentrantLock lock = wrapper.getLock();
        if (lock != null && lock.holds() != 0)
                   lock.release(lock.holds());
the Wrapper
final public class SessionThreadRequestWrapper extends HttpServletRequestWrapper {
private ReentrantLock lock = null;
   * Constructor for SessionThreadRequestWrapper.
   * @param arg0
public SessionThreadRequestWrapper(HttpServletRequest req){
    super(req);
   * @see javax.servlet.http.HttpServletRequest#getSession()
public HttpSession getSession(){
    return getSession(true);
   * @see javax.servlet.http.HttpServletRequest#getSession(boolean)
public HttpSession getSession(boolean construct){
    //this will get the session an the lock
    HttpSession session = getLockFromSession(construct);
    if (session == null) return null;
    //get a lock on the mutex
    try{
      lock.acquire();
    } catch (InterruptedException e){
      throw new IllegalStateException("Interrupted while thread waiting for session");
    //now we check again if the session is still valid
    try{
      session.getAttribute(SessionThreadFilter.MUTEXT_IN_SESSION_KEY);
    } catch (IllegalStateException e){
      //again we go recusively but first release the lock
      lock.release();
      lock = null;
      return getSession(construct);
    //after you got the lock you can return the session
    return session;
   * gets the lock from the session
   * @param construct
   * @return HttpSession
private HttpSession getLockFromSession(boolean construct){
    //test if it is a new Session
    HttpSession session = super.getSession(construct);
    //if is null no session was realy requested
    if (session == null) return null;
    //otherwise try to get the lock if necessery construct it
    //syncrhonized over session
    synchronized (session){
      //this migth throw an Exception if the session has been
      //invalidated in the mean time
      try{
        lock = (ReentrantLock) session.getAttribute(SessionThreadFilter.MUTEXT_IN_SESSION_KEY);
        if (lock == null){
          lock = new ReentrantLock();
          session.setAttribute (SessionThreadFilter.MUTEXT_IN_SESSION_KEY, lock);
        return session;
      } catch (IllegalStateException e){
        //the session has been invalidated before we tried to get the
        //lock we recursively call getLockFromSession
        //( assumption checked with Jetty: if the session is invalidated
        //and getSession is called on the thread a new valid session
        // should is returend)
        //I hope sometime you should get a valid session but I am not
        //sure. This is crucial for breaking of the recursion
        lock = null;
        return this.getLockFromSession(construct);
/** used by the Filter to get the lock so that it can release it
ReentrantLock getLock(){
     return this.lock;
}As stated I would be very thankful if you could check the code and give some commends.

synchronized (session){Are you sure that the session instance returned by two
concurrent calls to getSession(...) are the same? I
think that tomcat for instance may return different
instances for the same "logical " session, which would
break your scheme I think... Thank you (I did not know that on Tomcat). The same thing could also occur if another filter wrapped the Session.
That's indeed a problem,which I have already adressed in another thread, but did not get an answer. ( http://forum.java.sun.com/thread.jsp?forum=33&thread=412380). The already cited thread http://forum.java.sun.com/thread.jsp?forum=4&thread=169872 adresses the same problem, but the discussion there ends with the recomandation that you should synchronize on HttpSession as I did it. Also in other forums I've read so.
However like you I've at least strong doubts in this approach, so now my question is on what should I than generally for any access in any web-app syncrhonize the access to Http-Session as demanded by the Servlet specs.
A few not realy satisfying answers:
Synchronize on the HttpSession itself: I think still the best approach, but as you say is it guaranteed that the same instance of an HttpSession is given to each Request (in one Session)?
Synchronized on the HttpServlet: This only works if no other servlet (or jsp) accesses in the session the value with the same key ( of course only if the session itself is threadsave). In case of ThingleThread it is not possible at all there can be multiple instances (you could use a static variable)
Holding the object to synchronize on in applicaton scope or session scope: This obiously doesn't help, because somehow you have to obtain the lock and at least there you need another synchronize.Holding in application socpe is slow a static variable lock would be better there.
Synchronize on some static variable: This will work, but is very slow (each request not only in the same session would synchronize on this).
Hold a map in application scope, which holds for each Session-key a lock: Is probably faster than the static variable thing. However the access and the management of the Map (removing of unused locks etc.- Mabe you could use a WeakHashMap to collect the locks for not used keys anymore) is time consuming too and again the map must be accessed syncrhonasly by all requests.
Syncrhonize on the Filter (only in my case): This is as slow as the static variable approach because each request will use the same lock the one instance of the Filter.
So synchronizing on the session is propably the best approach if the same attribute name is accesed by different servlets. However if you say that some Web-Containers return different HttpSession instances for the same Session (which is legal according to the specification) this of course does not work.
So I have realy no clue on what to syncrhonize than. Now help is not only neede on my Thread serialization filter but on my generally Servlet prgromming.
May be you could help me for another synchronization aproach.

Problem in session variables

hi ,
Is it not correct to assume that ones we close the browser the session losts and all the session variables also?
Actually i have design an authentication page which takes userid and password from user and supply this to servlet which after authentication sets a variable "validity" in session to true.
And in every other jsp page first i m checking this variableis true or not if not then i m redirecting it to authentication page with this tag
<jsp:forward page="authentication.jsp" />
now if i have authenticated correctly and close browser and try to access other pages directly then browser allows me to access any page and infact when i print "validity" variable from session then it prints true. That means even after closing the browsing session remains.
I tried to print session id then after opening a new browser it is showing the same browser.
In web.xml file i have mentioned the session time to 60 minutes . Is it because of this?. If it then how these standard sites sun, yahoo maintains session time out as well as browser dependent session.
Right now what i have to do is before setting the variable i have reset the variable to null. But wher shud i reset the validity variable . in destroy method?
manish

Your problem is not due to session time out in the xml
file.
I think whenever you close your browser the session
does not exists.
Remember to invalidate the session while logging off.
It should workThat is not true. The session will exist for as long as the session timout option is set. Although invalidating the session at logoff is a good idea, there is no real method to force people to log off when the leave your site/close the browser.
There are a couple of possibilities why the session would still be used after a browser is closed, although normal behavior is to create a new one. The main reason is because the cookie on the browser that maintains the jsessionid is not destroyed. This often occurs in browsers like NS 7 with a "quick-load" app running in the taskbar area (next to the clock). These little parts of the application never close, and hold on to browser cache and cookies, so as to make it quicker to open and surf.
How do you ge around this? I do not know, except perhaps by preventing the session from using cookies for tracking...

Background jobs - AE session environment setup incorrect ?

Hi,
I am trying to accomplish a small email queue myself,
as due to the current privileges I have no access to the
HTML Mail queue myself.
Thus I stored emails to be send in a regular table..
Sofar so good.
In order to really email the pending messages, I have created a
procedure which loops through all the pending messages and pushes them into
the HTML email queue using :
htmldb_mail.send( p_to => '<'|| v_mail.eml_to ||'>',
p_cc => '<'|| v_mail.eml_cc ||'>',
p_from => '<'|| v_mail.eml_from ||'>',
p_SUBJ => v_mail.eml_subject,
p_body => v_mail.eml_body);
htmldb_mail.push_queue();
I have tested the procedure manually, and it works..
To be user independent I have created a DBMS_JOB which call above procedure once an hour,
but this will give me following error on all pending emails :
ORA-20001: This procedure must be invoked from within an application session.
So far I can interprete this message is that a specific session environment has to be setup,
which ofcourse DMBS_JOB is not doing.
Therefor I tried :
declare
v_job number;
begin
v_Job := htmldb_plsql_job.submit_process('mail_pkg.processMailQueue;');
end;
The job gets into the queue, and I suppose it will set the environment so that all will go ok.
Unfortunatly I do not see any activity on the pending emails.. It appears not to be executed at all,
and I do not see anything happening.
Now my question is how to submit a job using the correct HTMLDB session being setup ?
with kind regards,
Fred

Hi Jes,
By 'not having access to the mail queue' I mean I do not have the priveleges to look at the mail queue using the regular HTML DB userinterface....
HOME => Application Builder => Application Administration => Email configuration => Manage Email Queue
result :
You have requested access to a page which requires specific database privileges. Enter the credentials for a database account that has been granted the DBA role.
I can however submit new emails into the HMTL queue programmatically as described by using the HTMLDB api calls.
My programmed procedure just submits a new email to be send using the HTMLDB api calls.
If I call the amentioned procedure from within a 'legal' HTML session
HOME => SQL => SQL Commands
it is executed just fine...
Execution of amentioned procedure outside of a legal HTMLDB session, e.g. by a regular DBMS_JOB will give the amentioned error...
The question now is :
*) How to programmatically build or instate a valid HTMLDB session so the procedure being called will run as if it was called from within a legal session.
My procedure submitting the emails must first setup a valid HTMLDB session before
submitting any emails via the HTMLDB api.
I was thinking in lines of :
PROCEDURE myEmailProc IS
BEGIN
-- Instate session
HTMLDB_pkg.createValidSession(p_user => 'FRED', p_password=>'MyPassword');
-- Submit to the email queue
..................................... existing functionality comes here
END;
regards,
Fred

Many portals within one session?

Hello,
I have created three different portals which all need to authenticate
the user. Is it possible to get those three portals to use just one
login page, I mean that the user won't have to login more than once? How
are the sessions handled in Weblogic Servers? In weblogic.properties
file you define a sessioncomparator for every portal, for my portals I
am using com.beasys.commerce.portal.admin.PortalSessionComparator, but
Buy Beans example portal uses
com.beasys.commerce.axiom.jsp.DefaultSessionComparator, what is the
difference between these two classes? Allow autologin between browser
sessions can't be used.
I am using Weblogic 5.1 and Personalization Server 2.0.1 with Commerce
Server.
-Maarit-
Maarit Linnekoski          [email protected]
tel. +358 (0)9 2311 6649     AtBusiness Communications Oyj
fax +358 (0)9 2311 6601     Itälahdenkatu 19,
mobile +358 (0)50 569 3044     00210 HELSINKI, FINLAND

Hi Ture
I encounter the same problem for keeping login session across portals
In your example, your invoke the method
putSessionValue( SERVICMANAGER_USER, userLogin, request );
Would you please tell me, how can I get the value of userLogin
Thanks
Warren
Ture Hoefner wrote:
Hello Maarit,
Here are some answers for you.
I have created three different portals which all need to
authenticate
the user. Is it possible to get those three portals to use just one
login page, I mean that the user won't have to login more than once?
How
are the sessions handled in Weblogic Servers?Yes. You can navigate from portal to portal while maintaining the
logged-in state of your user. You can do this by setting the
"TRAFFIC.URI" request attribute equal to the URI of the portal you
want to go to and then use the PortalJspBase.putSessionValue( ) method
to put user and destination information into the session. Then you
could use the PortalJspBase.setLoggedIn( ) method to set the logged-in
status for the user in the new portal (also in the session) because
now when you set session values with methods of PortalJspBase, they
will be fixed up using the URI of the portal you will be going to.
Therefore, the setLoggedIn( ) method works like it were invoked from
the portal you will be going to. Then you could direct a request to
the other portal.
The PortalJspBase.putSessionValue( ) method "fixes up" the keys of
the stored values by prepending a string that uniquely identifies the
portal (made using the TRAFFIC.URI attribute) to avoid naming
collisions (see javadoc at
http://e-docs.bea.com/wlcs/javadoc/p13n/index.html ).
Below is an example I got from someone who implemented such a
solution (I have not tested it). They did not put values in the
session for SERVICEMANAGER_SUCCESSOR or
IMMUTABLE_SERVICE_MANAGER_HOME_PAGE, but they could have.
Make your first JSP page extend PortalJspBase and do something
like this (note that the constants that I have not declared come from
interfaces that are implemented by PortalJspBase (see javadoc):
<%! // Declaration
public static final String MY_PORTAL_NAME = "MyPortal"; // portalname
public static final String MY_PORTAL_URI = "/myportal"; // servlet name
public static final String MY_PORTAL_DIR = "/myportal"; // workingdir
%>
<%
// Get MyPortal
String workingDir = MY_PORTAL_DIR;
String thePage = getPortalManager(request)
.getPortalFor(MY_PORTAL_NAME).getContentURL();
// Set user and destination stuff
request.setAttribute(TRAFFIC_URI, MY_PORTAL_URI);
putSessionValue( SERVICMANAGER_USER, userLogin, request );
putSessionValue( PORTAL_NAME, MY_PORTAL_NAME, request );
putSessionValue( SERVICEMANAGER_HOME_PAGE, thePage, request );
// Log in the user
setLoggedIn(request, response, true);
// Go there
response.sendRedirect(getTrafficURI(request));
%>
In weblogic.properties
file you define a sessioncomparator for every portal, for my portals
I
am using com.beasys.commerce.portal.admin.PortalSessionComparator,
but
Buy Beans example portal uses
com.beasys.commerce.axiom.jsp.DefaultSessionComparator, what is the
difference between these two classes?The <pt:monitorsession> tag uses a SessionComparator to see if the
session is valid, and it can be used to disallow access to a page (see
docs at http://e-docs.bea.com/wlcs/p13ndev/jsptags.htm#1024804
You specify the SessionComparator that you want to register with your
portal or personalized application in weblogic.properties with the
sessioncomparator argument.
The PortalSessionComparator and DefaultSessionComparator both
implement the SessionComparator interface, which defines a single
method, isValid( ) (see javadoc at
http://e-docs.bea.com/wlcs/javadoc/p13n/index.html ) The
DefaultSessionComparator class returns true for the isValid( ) method.
The PortalSessionComparator additionally implements the
PortalAdminConstants interface and checks session attributes to make
sure that the minimum attributes are present for proper operation of
the PortalServiceManager servlet. If you want to add requirements for
a valid portal session, say that the "PREFERRED_CUSTOMER" attribute
must be present and the value must be "true", then you would just
extend PortalSessionComparator and register your new sessioncomparator
argument in weblogic.properties.
Notice that BuyBeans example portal does NOT use the
DefaultSessionComparator. It uses the PortalSessionComparator. The
BuyBeans demo has an example personalized application that is not a
portal (registered as "/mpbb" with the JspServiceManager servlet)
which is used to access an example portal (registered as "/mybuybeans"
with the PortalServiceManager). The personalized application that is
not a portal ("/mpbb") uses the DefaultSessionComparator.
Good luck.
Ture Hoefner
BEA Systems, Inc.
1655 Walnut Street; suite 200
Boulder, CO 80302
www.beasys.com
[att1.html]

Help with JSP, session, login, JDBC.

This is the template login.jsp file I have at the moment.
<%@ page errorPage="errorPage.jsp" %>
<%
String login = (String)request.getParameter("loginname");
if (login == null || login.equals("")) {
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Final//EN">
<HEAD>
<TITLE>Login Page</TITLE>
<STYLE>

</STYLE>
</HEAD>
<BODY>
<jsp:include page="debug.jsp" flush="true" />
<CENTER>
<FONT CLASS="loginhead">
LOGIN REQUIRED:
</FONT>
<BR>
<FORM NAME="loginform" METHOD=post>
<TABLE BGCOLOR=#990022 BORDER=0 CELLPADDING=5 CELLSPACING=0>
<TR><TD ALIGN=right>
<FONT CLASS="loginform">
Login Name:
</FONT>
</TD><TD ALIGN=left>
<FONT CLASS="loginform">
<INPUT TYPE=text NAME="loginname" SIZE=10>
</FONT>
</TD></TR>
<TR><TD ALIGN=right>
<FONT CLASS="loginform">
Password:
</FONT>
</TD><TD ALIGN=left>
<FONT CLASS="loginform">
<INPUT TYPE=password NAME="loginpassword" SIZE=10>
</FONT>
</TD></TR>
<TR><TD COLSPAN=2 ALIGN=center>
<FONT CLASS="loginform">
<INPUT TYPE=SUBMIT VALUE="Login">
</FONT>
</TD></TR>
</TABLE>
</FORM>
</CENTER>
</BODY>
</HTML>
<%
} else {
   Checking against database that username and password are correct.
    session.putValue("login", login);
    session.setMaxInactiveInterval(600);
    String loginpoint
       = (String)session.getValue("loginpoint");
    if (loginpoint == null) {
      StringBuffer defaultpoint = new StringBuffer();
      defaultpoint.append(request.getScheme())
                  .append("://")
                  .append(request.getServerName())
                  .append("/");
      loginpoint = defaultpoint.toString();
    } else {
      session.removeValue("loginpoint");
    response.sendRedirect(loginpoint);
}I know as much as how connect to the database, create a statement and check to see if the username and password are correct, I dont know how to actually take what the user has typed in and put it in an mysql query. I have an idea that maybe I can convert Login and Loginpassword to Strings but I don't know how to do this.
This is how I plan to connect to the database above
//here I need to have login and loginpasword in separate Strings so I can use them in a query.
Connection connection;
Class.forName("com.mysql.jdbc.Driver").newInstance();
connection = DriverManager.getConnection("jdbc:mysql://localhost/Users");
Statement statement=connection.createStatement();
String qry="select PassWord from customers where UserName='"+stringLogin+"'";
ResultSet rs= statement.executeQuery(qry);In my login.jsp file above I don't understand the following code, and why it is needed. Can someone explain please.
session.putValue("login", login);
    session.setMaxInactiveInterval(600);
    String loginpoint
       = (String)session.getValue("loginpoint");
    if (loginpoint == null) {
      StringBuffer defaultpoint = new StringBuffer();
      defaultpoint.append(request.getScheme())
                  .append("://")
                  .append(request.getServerName())
                  .append("/");
      loginpoint = defaultpoint.toString();
    } else {
      session.removeValue("loginpoint");
    response.sendRedirect(loginpoint);
}Hope you can understand what I'm trying to explain what my problems are.

Im not sure what your exact question is. However, I can
throw a few things out there.
1) You need an action to handle the form request
<FORM NAME="loginform" METHOD=post ACTION="login.jsp">2) Then get the username and password from the request
String uname = (String)request.getParameter("loginname");
String pass = (String)request.getParameter("loginpassword");3)Then you can just add them to the query string
String qry="select PassWord from customers where UserName='"+uname+"'";4) Also check for valid password
ResultSet rs= statement.executeQuery(qry);
if(rs.next()) {
    String p = res.getString("PassWord");
         if (p.equals(pass)) {
            //valid user
            session.setAttribute("valid_user", "true");
            // now you can get valid_user from session at top of login.jsp
}5) I cant find where loginpoint is set in the session, but the idea
of the code below appears to be the logic of where to direct the user
which I think would be dependent upon the validation of the user.
session.putValue("login", login);
    session.setMaxInactiveInterval(600);
    String loginpoint
       = (String)session.getValue("loginpoint");
    if (loginpoint == null) {
      StringBuffer defaultpoint = new StringBuffer();
      defaultpoint.append(request.getScheme())
                  .append("://")
                  .append(request.getServerName())
                  .append("/");
      loginpoint = defaultpoint.toString();
    } else {
      session.removeValue("loginpoint");
    response.sendRedirect(loginpoint);
}You might try splitting the login into two pages to start out if you are having
some difficulty.

Can I create ASP user validated website using existing MD5 passwords from SQL table?

I'm attempting to build a user authenticated site in Dreamweaver CS5 using an existing USERS table from another site. The password field in the existing SQL table appears to be MD5 encoded. How can I MD5 encode the form field (or the SQL query) so that it verifies MD5 to MD5?
Currently, it's comparing the form's plain text field to the MD5 encrypted password field in SQL.
I've built a simple login form using the following:
<form id="form1" name="form1" method="POST" action="<%=MM_LoginAction%>">
    <input name="username" type="text" id="username" accesskey="u" tabindex="1" /><input name="password" type="password" id="password" accesskey="p" tabindex="2" /><input name="submit" type="submit" value="submit" />
    </form>
With the stock Dreamweaver Log In User Server Behavior as follows:
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
Dim MM_fldUserAuthorization
Dim MM_redirectLoginSuccess
Dim MM_redirectLoginFailed
Dim MM_loginSQL
Dim MM_rsUser
Dim MM_rsUser_cmd
MM_fldUserAuthorization = ""
MM_redirectLoginSuccess = "results.asp"
MM_redirectLoginFailed = "error.html"
MM_loginSQL = "SELECT user_name, password"
If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
MM_loginSQL = MM_loginSQL & " FROM dbo.users WHERE user_name = ? AND password = ?"
Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
MM_rsUser_cmd.ActiveConnection = MM_ADSX_STRING
MM_rsUser_cmd.CommandText = MM_loginSQL
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 32, MM_valUsername) ' adVarChar
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 32, Request.Form("password")) ' adVarChar
MM_rsUser_cmd.Prepared = true
Set MM_rsUser = MM_rsUser_cmd.Execute
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
Please help!

unfortunately classic asp does not have a built in function for md5. what we used for our legacy sites is a javascript that hashes a string to MD5. here's the code we've used in the past http://pajhome.org.uk/crypt/md5/md5.html
your asp should have something like this...
<script language="jscript" src="path_to_js_file/md5.js" runat="server"></script>
<%
'hash the password
Dim md5password       ' md5password variable will hold the hashed text from form variable txtPassword
md5password = hex_md5(""&Request("txtPassword")&"")
' based on the code you posted...
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 32, md5password) ' adVarChar
%>

Dreamweaver need to create a session variable or Cookie or something Help

I have been working for weeks I am very close but can't get over one last hurdle. I am trying to call a session variable much like dreamweaver calls mm_username. It is in the same user table as username - password - access level - Customer_id. I need to pull the session variable or cookie or however I can do it to access the customer id number so I can have customer specific information and pricing. There will be mulitple users for each customer so I need another variable besides mm_username. Help I use dreamweaver cs4 aspvbscript and sqlserver ...help

I soon as I put the red line of code in it is custoemr _id instead of user id in my table. Dreamweaver removes the user id function. is it in the wrong place ...what am i doning wrong ....it is fine with the first part you did but the second part it doesnt like in red.
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("username"))
If MM_valUsername <> "" Then
Dim MM_fldUserAuthorization
Dim MM_redirectLoginSuccess
Dim MM_redirectLoginFailed
Dim MM_loginSQL
Dim MM_rsUser
Dim MM_rsUser_cmd
MM_fldUserAuthorization = "Access_Level"
MM_redirectLoginSuccess = "/mainmenu.asp"
MM_redirectLoginFailed = "/loginfailed.asp"
MM_loginSQL = "SELECT customer_id, Login_Name, password"
If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
MM_loginSQL = MM_loginSQL & " FROM dbo.btb_web_login WHERE Login_Name = ? AND password = ?"
Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
MM_rsUser_cmd.ActiveConnection = MM_p21_STRING
MM_rsUser_cmd.CommandText = MM_loginSQL
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 20, MM_valUsername) ' adVarChar
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 10, Request.Form("password")) ' adVarChar
MM_rsUser_cmd.Prepared = true
Set MM_rsUser = MM_rsUser_cmd.Execute
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    Session ("MM_USERID") = MM_rsUser.Fields.Item("customer_id").value
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And false Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Brown Live Online Login</title>
<style type="text/css">

</style></head>
<body>
<p class="style5"><img src="/images/BTBlogosmall.jpg" width="322" height="53" /></p>
<p class="style5">Brown Live Online 2.0 </p>
<form ACTION="<%=MM_LoginAction%>" id="form1" name="form1" method="POST">
<p>
    <label><span class="style3">    User Name</span>
    <input name="username" type="text" id="username" size="20" />
    </label>
</p>
<p>
    <label><span class="style1"><span class="style6">Password</span></span>
    <input name="password" type="password" id="password" size="20" />
    </label>
</p>
<p>
    <label>
    <input type="submit" name="button" id="button" value="Login" />
    </label>
</p>
</form>
<p><a href="/index.html"><img src="/images/brown2.0.jpg" width="100" height="100" /></a> Click Image to return to <a href="http://www.browntransmission.com">www.browntransmission.com</a></p>
</body>
</html>

Session storage between Java and PL/SQL

Hi all,
We have made Java servlet using session storage. The data stored is valid until session is changed. Seems that session is changed during logon or even if web page (where the servlet is located) is refreshed!
PL/SQL doesn't lost the session storage data during logon. But is it possible to find Java session storage from PL/SQL session storage?
Java session storage doesn't use domain name or subdomain which are mandatory for PL/SQL session storage.
Portal version is 3.0.9.8.5
Thanks,
Jari

See my answer Session storage between Java and PL/SQL.
Peter

Custom Authentication using WebService

Hi,
I am trying to create a way to Authenticate my users after calling a Webservice using Custom Authentication so that they don't have to Log on twice (SSO).
Here is a brief description of what I'm trying to do:
- End Users Login and get Authenticated in an iPlanet Portal.
- Once in - they hit a link which calls my APEX Application in a new window.
- I call the Web Service that return a response telling me if they have a valid Portal session along with username etc.
- If they are logged in to our Portal - I authenticate them in APEX using Custom Authentication and allow them to continue.
I have done this so far:
- Created an After Footer Process in the Login Page(101) that calls the Web Service.
- Created an automatic Page submit on page 101 with Javascript.
- Changed the After Submit Process 'Set Username Cookie' to use the Login returned in the Web Service.
- Changed the After Submit Process 'Login' to use the Login returned in the Web Service.
- Custom Authentication is run after Page is submitted.
- The user can then run the Application.
Everything was working fine when I was already logged in to APEX as a Developer, but when I tried to run the application as a non-developer I get the Error:
ORA-01400: cannot insert NULL into ("FLOWS_030100"."WWV_FLOW_COLLECTIONS$"."USER_ID")
I now realize that my Webservice Process is trying to store the result of the Web Service call before the Login has occured - so there is no APEX User at this point.
Does anyone have a way to accomplish what I'm trying to do?
Thanks,
Bill

You should create a page sentry function based on the often-cited ntlm page sentry function discussed in this forum. That has the framework you need. Here is an example, although it's kind of old:
function modntlm_page_sentry return boolean as
    l_current_sid            number;
    l_authenticated_username varchar2(256) := OWA_UTIL.GET_CGI_ENV('REMOTE_USER');
begin
    if l_authenticated_username is null then
        return false;
    end if;
    l_current_sid := wwv_flow_custom_auth_std.get_session_id_from_cookie;
    if wwv_flow_custom_auth_std.is_session_valid then
        htmldb_application.g_instance := l_current_sid;
        if l_authenticated_username = wwv_flow_custom_auth_std.get_username then
            wwv_flow_custom_auth.define_user_session(
                p_user=>l_authenticated_username,
                p_session_id=>l_current_sid);
            return true;
        else -- username mismatch. Unset the session cookie and redirect back here to take other branch
            wwv_flow_custom_auth_std.logout(
                p_this_flow=>v('FLOW_ID'),
                p_next_flow_page_sess=>v('FLOW_ID')||':'||nvl(v('FLOW_PAGE_ID'),0)||':'||l_current_sid);
            htmldb_application.g_unrecoverable_error := true; -- tell htmldb engine to quit
            return false;
        end if;
    else -- application session cookie not valid; we need a new htmldb session
        wwv_flow_custom_auth.define_user_session(
            p_user=>l_authenticated_username,
            p_session_id=>wwv_flow_custom_auth.get_next_session_id);
        htmldb_application.g_unrecoverable_error := true; -- tell htmldb engine to quit
        if owa_util.get_cgi_env('REQUEST_METHOD') = 'GET' then
            wwv_flow_custom_auth.remember_deep_link(p_url=>'f?'||wwv_flow_utilities.get_cgi_query_string_decoded);
        else
            wwv_flow_custom_auth.remember_deep_link(p_url=>'f?p='||
                to_char(htmldb_application.g_flow_id)||':'||
                to_char(nvl(htmldb_application.g_flow_step_id,0))||':'||
                to_char(htmldb_application.g_instance));
        end if;
        wwv_flow_custom_auth_std.post_login( -- register session in htmldb sessions table,set cookie,redirect back
            p_uname     => l_authenticated_username,
            p_flow_page => htmldb_application.g_flow_id||':'||nvl(htmldb_application.g_flow_step_id,0));
        return false;
    end if;
end modntlm_page_sentry;You would replace this:
l_authenticated_username varchar2(256) := OWA_UTIL.GET_CGI_ENV('REMOTE_USER');
...with whatever statement will allow you to get the authentication status and authenticated user name from the environment, from HTTP headers, or from some other external source.
Then you would put this into the page sentry function attribute of the authentication scheme for your application:
return modntlm_page_sentry;
Of course you can name it anything you like but it should be compiled in your applicaiton's parsing schema.
Scott

How to configure for struts-config.xml

Hi
I am having a JSp which is Mapped to anothr action through the registration.The registartion is mapped to action
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ page import="org.apache.struts.validator.ValidatorPlugIn" session="true" %>
<%@ page import="org.apache.struts.Globals" %>
<%@ taglib uri="/tags/struts-bean" prefix="bean" %>
<%@ taglib uri="/tags/struts-html" prefix="html" %>
<%@ taglib uri="/tags/struts-logic" prefix="logic" %>
<html:html locale="true">
<head>
<title><bean:message key="index.title"/></title>
<html:base/>
</head>
<body bgcolor="white">
<logic:notPresent name="<%= Globals.MESSAGES_KEY %>" >
<font color="red">
    ERROR: Application resources not loaded -- check servlet container
    logs for error messages.
</font>
</logic:notPresent>
<%-- :TODO: Need code to do this with moudles
<logic:notPresent name="<%= ValidatorPlugIn.VALIDATOR_KEY %>" >
<font color="red">
    ERROR: Validator resources not loaded -- check Commons Logging
    logs for error messages.
</font>
</logic:notPresent>
--%>
<h3><bean:message key="registrationForm.title"/>1222AAAAAAAAAAAAA</h3>
<ul>
<li><html:link action="Test.jsp">Test212121.jsp</html:link >
   <li><html:link action="/registration"><bean:message key="registrationForm.title"/></html:link></li>
   <%System.out.println("hellooooooooooooo");%>
   
   <li>
      <html:link action="/jsRegistration"><bean:message key="jsRegistrationForm.title"/></html:link> -
      <bean:message key="jsRegistrationForm.description"/>
   </li>
   <li>
      <html:link action="/multiRegistration"><bean:message key="multiRegistrationForm.title"/></html:link> -
      <bean:message key="multiRegistrationForm.description"/>
   </li>
</ul>
<a href="registration.jsp">Registration Test</a>
<p> </p>
<h3><bean:message key="typeForm.title"/></h3>
<ul>
   <li>
      <html:link action="/type"><bean:message key="typeForm.title"/></html:link> -
      <bean:message key="typeForm.description"/>
   </li>
   <li>
      <html:link action="/editJsType"><bean:message key="jsTypeForm.title"/></html:link> -
      <bean:message key="jsTypeForm.description"/>
   </li>
</ul>
<p> </p>
<h3>Change Language | Changez Le Langage</h3>
<ul>
   <li><html:link action="/locale?language=en">English | Anglais</html:link></li>
   <li>
      <html:link action="/locale?language=fr">French | Francais</html:link> -
      <bean:message key="localeForm.fr"/>
   </li>
   <li>
      <html:link action="/locale?language=fr&country=CA">French Canadian | Francais Canadien</html:link> -
      <bean:message key="localeForm.frCA"/>
   </li>
   <li>
      <html:link action="/locale?language=ja" useLocalEncoding="true">Japanese | Japonais</html:link> -
      <bean:message key="localeForm.ja"/>
   </li>
</ul>
<p> </p>
==============struts-config.xml=================\<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE struts-config PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 1.2//EN"
"http://struts.apache.org/dtds/struts-config_1_2.dtd">
<struts-config>

<form-beans>

<form-bean name="registrationForm" type="validator.RegistrationForm" />

<form-bean name="multiRegistrationForm" type="validator.RegistrationForm" />

<form-bean name="typeForm" type="validator.TypeForm" />

<form-bean name="jsTypeForm" type="validator.TypeForm" />
</form-beans>

<global-forwards>
<forward name="home" path="/index.jsp" />
</global-forwards>

<action-mappings>
<action path="/welcome" forward="/index.jsp" />

<forward name="registration" path="/registration.do" /> //// ==========>here it is mapped
     <action path="/registration" forward="/registration.jsp" />
     <action path="/registration-submit" type="validator.RegistrationAction" name="registrationForm" scope="request" validate="true" input="input">
<forward name="input" path="/registration.do" />
<forward name="success" path="/index.jsp" />
</action>
     <action path="/jsRegistration" forward="/jsRegistration.jsp" />

<action path="/multiRegistration" forward="/multiRegistration1.jsp" />
<action path="/multiRegistration-submit" type="validator.MultiRegistrationAction" name="multiRegistrationForm" scope="request" validate="false">
<forward name="success" path="/welcome.do" />
<forward name="input1" path="/multiRegistration1.jsp" />
<forward name="input2" path="/multiRegistration2.jsp" />
</action>

<action path="/type" forward="/type.jsp" />
<action path="/type-submit" type="validator.TypeAction" name="typeForm" scope="request" validate="true" input="input">
<forward name="input" path="/type.do" />
<forward name="success" path="/welcome.do" />
</action>

<action path="/editJsType" type="validator.EditTypeAction" scope="request" validate="false">
<forward name="success" path="/jsType.do" />
</action>
<action path="/jsType" forward="/jsType.jsp" />
<action path="/jsType-submit" type="validator.TypeAction" name="jsTypeForm" scope="request" validate="true" input="input">
<forward name="input" path="/editJsType-submit.do?typeForm.reset=false" />
<forward name="success" path="/welcome.do" />
</action>

<action path="/locale" type="validator.LocaleAction" name="localeForm" scope="request">
<forward name="success" path="/welcome.do" />
</action>
</action-mappings>

<controller inputForward="true" />

<message-resources parameter="validator.MessageResources" />


<plug-in className="validator.ValidatorPlugIn">
<set-property property="pathnames" value="/WEB-INF/validator-rules.xml,/WEB-INF/validator/validation.xml" />
<set-property property="stopOnFirstError" value="true" />
</plug-in>
</struts-config>
<html:img page="/struts-power.gif" altKey="index.powered"/>
</body>
</html:html>

Hey,
U can do it the way u want. Use DispatchAction Class instead of Action Class. Just go through the documentation for this. If u still have problem let me know.
Thanks
KM
Hi,
I am new to struts and when i am doing my application i find some >>difficulty i.e,
I have two buttons on a jsp page Save,Delete.when I click on >>save ,saveAction must be called.if we click delete deleteAction to be >>called.
for this how can I configure in struts-config.xml file. and how it >>knows which button has been clicked.
Can any one please guid me.
Thanks

Wierd ColdFusion erro : Error occurred while processing request.

Hi there ,
I am a graduate student and new to ColdFusion.I started working on this already developed project by someone couple of years ago , and the client wants some changes to be done.so i went ahead and did some small modifications to the appearance of the form(insertdata.cfm page) like adding some more options to a drop down menu , changing the label names and so on and am very sure this changes would not have effected the application in any way.And the place where the message says the error can be , i didnt even touch that part.Now after 4 days i start getting this weird error saying " Error Occurred While Processing Request
The system has attempted to use an undefined value, which usually indicates a programming error, either in your code or some system code.
Null Pointers are another name for undefined values."
And this happens randomly not everytime i access the website or different webpages.Here are the errors.
The error occurred in /export/web/virtual/web3_unt_edu/cps/webaccess/sites/Amarillo/index.cfm: line 8
5 :   SELECT UserName,Password FROM user_data WHERE UserName=
6 :   <cfqueryparam value="#FORM.UserName#" maxlength="8">
7 :     AND Password=
8 :   <cfqueryparam value="#FORM.Password#" maxlength="8">
9 :   </cfquery>
10 :   <cfif MM_rsUser.RecordCount NEQ 0>
I tried adding " cfsqltype="cf_sql_clob" " in cfqueryparam also on my friends advice , but it doesnt work out.
2nd ERROR
The error occurred in /export/web/virtual/web3_unt_edu/cps/webaccess/sites/Amarillo/InsertData.cfm: line 13
11 :   <cflocation url="#MM_failureURL#" addtoken="no">
12 : </cfif>
13 : <cfquery name="rsDay" datasource="cps">
14 : SELECT days FROM days
15 : </cfquery>
3rd ERROR
The error occurred in /export/web/virtual/web3_unt_edu/cps/webaccess/sites/Amarillo/InsertData.cfm: line 27
25 : ORDER BY ethnicity ASC
26 : </cfquery>
27 : <cfquery name="rsHospitals" datasource="cps_amarillo">
28 : SELECT *
29 : FROM hospitals
Can anyone help me with this. I have to get the modifications done in 2 weeks.
Thank you
Craj

Hi Mak
         I can get the stack trace for now , but here is my complete code , may be this ll give u complete idea .........
The index page where i am getting the first error
<cfif IsDefined("FORM.UserName")>
<cfset MM_redirectLoginSuccess="menu.cfm">
<cfset MM_redirectLoginFailed="../../fail.htm">
<cfquery name="MM_rsUser" datasource="cps_amarillo">
    SELECT UserName,Password FROM user_data WHERE UserName=
<cfqueryparam value="#FORM.UserName#" maxlength="8">
    AND Password=
<cfqueryparam value="#FORM.Password#" maxlength="8">
</cfquery>
<cfif MM_rsUser.RecordCount NEQ 0>
    <cftry>
      <cflock scope="Session" timeout="30" type="Exclusive">
        <cfset Session.MM_Username=FORM.UserName>
        <cfset Session.MM_UserAuthorization="">
      </cflock>
      <cfif IsDefined("URL.accessdenied") AND true>
        <cfset MM_redirectLoginSuccess=URL.accessdenied>
      </cfif>
      <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
      <cfcatch type="Lock">
        
      </cfcatch>
    </cftry>
</cfif>
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">
<cfelse>
<cfset MM_LoginAction=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
    <cfset MM_LoginAction=MM_LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
</cfif>
</cfif>
<cfinclude template="../../../Connections/cps_amarillo.cfm">
<cfif IsDefined("FORM." & "UserName")>
<cfscript>
    MM_valUsername=Evaluate("FORM." & "UserName");
    MM_fldUserAuthorization="";
    MM_redirectLoginSuccess="menu.cfm";
    MM_redirectLoginFailed="../../fail.htm";
    MM_dataSource=MM_cps_amarillo_DSN;
    MM_queryFieldList = "UserName,Password";
    if (MM_fldUserAuthorization IS NOT "") MM_queryFieldList=MM_queryFieldList & "," & MM_fldUserAuthorization;
</cfscript>
<cfquery datasource=#MM_dataSource# name="MM_rsUser" username=#MM_cps_amarillo_USERNAME# password=#MM_cps_amarillo_PASSWORD#>
SELECT #MM_queryFieldList# FROM user_data WHERE UserName='#Replace(MM_valUsername,"\'","
","ALL")#' AND Password='#FORM.Password#'
</cfquery>
<cfif MM_rsUser.RecordCount GREATER THAN 0>
    <cfscript>
      // username and password match - this is a valid user
      Session.MM_Username = MM_valUsername;
      if (MM_fldUserAuthorization IS NOT "") {
        Session.MM_UserAuthorization = MM_rsUser[MM_fldUserAuthorization][1];
      } else {
        Session.MM_UserAuthorization = "";
      if (IsDefined("accessdenied") AND true) {
        MM_redirectLoginSuccess = Evaluate("accessdenied");
    </cfscript>
    <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
</cfif>
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">
<cfelse>
<cfscript>
    MM_LoginAction = CGI.SCRIPT_NAME;
    if (CGI.QUERY_STRING NEQ "") MM_LoginAction = MM_LoginAction & "?" & CGI.QUERY_STRING;
</cfscript>
</cfif>
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Amarillo Login Screen</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script type="text/JavaScript">

</script>
</head>
<body>
<div id="Layer2" style="position:absolute; left:26px; top:112px; width:683px; height:56px; z-index:2">
<div align="right"><font size="+6"><strong><font color="#999999" size="5" face="Verdana, Arial, Helvetica, sans-serif">Seniors
    / Volunteers for Childhood Immunization<br />
    </font></strong></font><font color="#999999" size="5"><strong><font size="4" face="Verdana, Arial, Helvetica, sans-serif">Web
    Access Database</font></strong></font></div>
</div>
<div id="instructions" style="position:absolute; left:160px; top:182px; width:259px; height:30px; z-index:3"><font color="#999999" size="5"><strong><font size="4" face="Verdana, Arial, Helvetica, sans-serif">Please
enter your user name and password...</font></strong></font></div>
<div id="LayerLogin" style="position:absolute; left:427px; top:182px; width:310px; height:94px; z-index:4">
<form ACTION="<cfoutput>#MM_loginAction#</cfoutput>" name="form1" id="form1" method="POST">
    <p><img src="../../../images/image14.gif" alt="" name="UserNameImg" width="150" height="21" border="0" id="UserNameImg" />
      <input name="UserName" type="text" id="UserName" size="15" maxlength="15" />
      <br />
      <img src="../../../images/image15.gif" alt="" name="PasswordImg" width="150" height="21" border="0" id="PasswordImg" />
      <input name="Password" type="password" id="Password" size="17" maxlength="15" />
    </p>
    <p align="right">
      <input name="Submit" type="submit" id="Submit" onclick="MM_validateForm('UserName','','R','Password','','R');return document.MM_returnValue" value="Log In!" />
    </p>
</form>
</div>
</body>
</html>
I checked it again and again , but the code seems to work well on a local host ..... but not whn i upload it to server. Please let me know where i am goin wrong.
Thank you

Item cannot be found in the collection corresponding to the requested name or ordinal.

Hi,
I am using Dreamweavers User Authentication tool, and all seems to be working except when I press the 'Submit' button I get the following error;
ADODB.Fields error '800a0cc1'
Item cannot be found in the collection corresponding to the requested name or ordinal.
/coding/test_login.asp, line 35
As far as I can tell the user login works, as I can assess the restricted page, if I manually type in the URL.
My code is listed below;
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>

<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("usercode"))
If MM_valUsername <> "" Then
Dim MM_fldUserAuthorization
Dim MM_redirectLoginSuccess
Dim MM_redirectLoginFailed
Dim MM_loginSQL
Dim MM_rsUser
Dim MM_rsUser_cmd
MM_fldUserAuthorization = """group"""
MM_redirectLoginSuccess = "yes.asp"
MM_redirectLoginFailed = "no_access.asp"
MM_loginSQL = "SELECT usercode, epros_password"
If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
MM_loginSQL = MM_loginSQL & " FROM DBA.[user] WHERE usercode = ? AND epros_password = ?"
Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
MM_rsUser_cmd.ActiveConnection = MM_Conn_PSCRM_Demo_STRING
MM_rsUser_cmd.CommandText = MM_loginSQL
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 255, MM_valUsername) ' adVarChar
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 255, Request.Form("password")) ' adVarChar
MM_rsUser_cmd.Prepared = true
Set MM_rsUser = MM_rsUser_cmd.Execute
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
    ' username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername
    If (MM_fldUserAuthorization <> "") Then
      Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
    Else
      Session("MM_UserAuthorization") = ""
    End If
    if CStr(Request.QueryString("accessdenied")) <> "" And true Then
      MM_redirectLoginSuccess = Request.QueryString("accessdenied")
    End If
    MM_rsUser.Close
    Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<form action="<%=MM_LoginAction%>" method="POST" name="logon">
<input name="usercode" type="text"><br>
<input name="password" type="text">
<input type="submit" name="Submit" id="Submit" value="Submit">
</form>
</body>
</html>
Any help greatly accepted.

There are several workarounds you could use. I would start by setting the local variable back to the actual column name
MM_fldUserAuthorization = "group"
and then modify the reserved word directly SQL. See if this works:
If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & """MM_fldUserAuthorization"""
If that line doesn't work, then you might need to concatenate the quotes around the variable, or try a combination of single/double quotes.
Also be warned that once you modify DW's generated code, you probably will not be able to maintain the code in DW server behavior wizard. You'll need to maintain by hand.
Good luck.

Unable to compil class for jsp

error is
HTTP Status 500 -
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
org.apache.jasper.JasperException: Unable to compile class for JSP:
An error occurred at line: 6 in the generated java file
Syntax error on token ".", Identifier expected after this token
An error occurred at line: 7 in the generated java file
Syntax error on token ".", Identifier expected after this token
An error occurred at line: 9 in the jsp file: /travel/issue.jsp
LibraryStudent cannot be resolved to a type
6: <BODY>
7: <H1>issue books</H1>
8: <CENTER>
9: <jsp:useBean id="student"
10: type="LibraryStudent"
11: scope="session" />
12: student name:
An error occurred at line: 9 in the jsp file: /travel/issue.jsp
LibraryStudent cannot be resolved to a type
6: <BODY>
7: <H1>issue books</H1>
8: <CENTER>
9: <jsp:useBean id="student"
10: type="LibraryStudent"
11: scope="session" />
12: student name:
An error occurred at line: 13 in the jsp file: /travel/issue.jsp
LibraryStudent cannot be resolved to a type
10: type="LibraryStudent"
11: scope="session" />
12: student name:
13: <jsp:getProperty name="student" property="studentName" />
14:
15: book name:
16: <jsp:getProperty name="student" property="bookName" />
An error occurred at line: 16 in the jsp file: /travel/issue.jsp
LibraryStudent cannot be resolved to a type
13: <jsp:getProperty name="student" property="studentName" />
14:
15: book name:
16: <jsp:getProperty name="student" property="bookName" />
17:
18: <jsp:getProperty name="student"
19: property="issueData" />
An error occurred at line: 18 in the jsp file: /travel/issue.jsp
LibraryStudent cannot be resolved to a type
15: book name:
16: <jsp:getProperty name="student" property="bookName" />
17:
18: <jsp:getProperty name="student"
19: property="issueData" />
20: </FORM>
21: </CENTER>LibraryStudent.java is
import java.util.*;
import java.text.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.util.*;
public class LibraryStudent {
private String emailAddress, s,password, sname,bname;
private String date,value;
public String getStudentName() {
return(sname);
public void setStudentName(String sname) {
this.sname = sname;
public String getEmailAddress() {
return(emailAddress);
public void setEmailAddress(String emailAddress) {
this.emailAddress = emailAddress;
public String getPassword() {
return(password);
public void setPassword(String password) {
this.password = password;
public String getBookName() {
return(bname);
public void setBookName(String bname) {
this.bname = bname;
public String getDate() {
return(date);
public void setDate(String date) {
this.date = date;
public String getIssueData() //method that create connection withh database
throws ServletException,IOException{
try{
getDate();                   //and add a entry in database
getBookName();
getStudentName();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:db2");
Statement st=con.createStatement();
String sql =
    "insert into table1 (bookname,studentname,date) values(bname,sname,date)";
st.executeUpdate(sql);
System.out.println(sql);
String s= "your book has been issued ";
return(s);
catch(Exception e)
e.printStackTrace();
return "failed";
public String getSumbitData()
throws ServletException,IOException{
try
getBookName();
getStudentName();
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:db2");
Statement st=con.createStatement();
String sql =
    "delete from db2 where bookname='bname' and studentname=sname";
st.executeUpdate(sql);
System.out.println(sql);
String s="your book has been sumbitted ";
return(s) ;
catch(Exception e)
e.printStackTrace();
return "failed";
public static int findStudent    //to validate customer
(String emailAddress,
String password) throws ServletException,IOException{
try
if (emailAddress == null) {
return(0);
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection con=DriverManager.getConnection("jdbc:odbc:user");
Statement st=con.createStatement();
String sql="select * from user where name='"+emailAddress+"' and password='"+password+"'";
System.out.println(sql);
ResultSet rs=st.executeQuery(sql);
if(rs.next())
return(1);
else
return(0);
}catch(Exception e)
e.printStackTrace();
return (0);}
to be continued.............

and Library.java is import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Library extends HttpServlet {
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
String emailAddress = request.getParameter("emailAddress");//use to email&pass
String password = request.getParameter("password");//from html page
LibraryStudent student = new LibraryStudent();//Make a student Object
int a=LibraryStudent.findStudent(emailAddress, password);//to validate student
if (a==0) {
gotoPage("/library/accounts.jsp", request, response);
else
student.setStudentName(request.getParameter("sname"));//use to sent other textbox
student.setBookName(request.getParameter("bname"));//data in librarystudent
student.setDate(request.getParameter("date"));//class after validation
HttpSession session = request.getSession(true);
session.putValue("student", student);
//for moving different page
if (request.getParameter("issue") != null) {
gotoPage("/travel/issue.jsp",
request, response);
} else if (request.getParameter("sumbit") != null) {
gotoPage("/travel/sumbit.jsp",
request, response);
} else if (request.getParameter("search") != null) {
gotoPage("/travel/search.jsp",
request, response);
} else if (request.getParameter("account") != null) {
gotoPage("/travel/EditAccounts.jsp",
request, response);
} else {
gotoPage("/travel/IllegalRequest.jsp",
request, response);
private void gotoPage(String address,
HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
RequestDispatcher dispatcher =
getServletContext().getRequestDispatcher(address);
dispatcher.forward(request, response);
}    issue.jsp is
   <%@page import="java.io.,java.util.,java.sql.*"%>
<HTML>
<HEAD>
<TITLE>issue books</TITLE>
</HEAD>
<BODY>
<H1>issue books</H1>
<CENTER>
<jsp:useBean id="student"
type="LibraryStudent"
scope="session" />
student name:
<jsp:getProperty name="student" property="studentName" />
book name:
<jsp:getProperty name="student" property="bookName" />
<jsp:getProperty name="student"
property="issueData" />
</FORM>
</CENTER>
</BODY>
</HTML> plz solve my problem .i m new to servlet and jsp and i have keen desire to learn this topic

Validity of session

Similar Messages

Maybe you are looking for