Weblogic HTTP Sessions timeouts

Hi All,
Im quite new to Weblogic 8.1 and am having a problem with HTTP sessions. I have two applications (lets say App1 and App2) in the same Weblogic server, and want to pass information from App1 to App2. Because of HTTP ServletContext rules, I cannot pass session information from one context to another. So instead, when App1 passes information to App2, I create a new session in App2 straight away. When the session timesout, it will redirect me to a page. This redirect will only be done when the user clicks a button (server side redirect rather than a client side automatic redirect). This is all working fine except I hit this problem.
I have set the timeout interval to 1min (in web.xml) for testing. After I wait 1 min, I click the button and it redirects - Ok thats cool. The real problem is that I wait for the session to timeout after 1 min. Then I wait for an extra 2 mins on top of that (so in theory, the session should still be timed out). When I click the button again, the session is created again rather than redirecting. Now I find this odd. It seems like Weblogic is recreating the session (as I get new session ids).
Has anyone come across this before and does anyone know how to get around this? Is it some configuration in Weblogic that I need to setup?
Regards,
Andy

<Andy Cheng> wrote in message news:[email protected]..
Im quite new to Weblogic 8.1 and am having a problem with HTTP sessions. I have two applications (lets say App1 and App2) in thesame Weblogic server, and want to pass information from App1 to App2.
If your applications exchange data extensively, you may want to consider
merging them into a single application. If it is not possible, you should follow
the standard approaches used to connect standalone, remotely located
applications. The range of possible design solutions is pretty wide - web
services, EJB, CORBA, etc.
Regards,
Slava Imeshev

Similar Messages

Https session lifetime

How can lifetime of a secure session be controlled in OC4J 9.0.3-9.0.4?
Is "session-timeout" parameter in web.xml valid or is the SSL session controlled by other parameters?
We are migrating to https an application that worked properly in http mode, and sessions expire now after just a few seconds. We can't find where to config https session timeout. OC4J documentation is very vague regarding to secure applications.
Thanks,
Modulab Team

Having the same problem for more than 1 week, couldn't find a solution. Session expires in a very short time in https. We're using standalone OC4J (9.0.3). Do I have to change it with AS now ? Isn't there any other solution, patch or something like that ?
Any kind of your help would be greatly appreciated since thousands of WEB users of our institution CAN NOT use all of our https WEB apps.
Regards,

Session Timeout in weblogic 6.1 SP3-- Urgent

Hi
We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

What is the heap size ? How many useres are hitting the system ? What is the approx size of the session? Turn on -verbose:gc and monitor the GC activity. Are the sessions really inactive ?
Make the timeout 30 secs and the InvalidationIntervalSecs to 20 secs and see if it makes a difference.
If you still have the same results attach the pofiler trace here. A test case would be good too.
Rakesh Aggarwal wrote:
We are running a J2EE servlet in Weblogic 6.1 SP3 on Windows NT. The test client to this servlet opens a new Http session on every request.
The server containing the servlet does not seem to be releasing memory associated with the session. The server eventually runs out of memory due to this. We verified this with a profiler tool. It shows Strings allocated with ServletRequestImpl.getSession() (weblogic.servlet.internal.session.RSID.getID()) not freed. We have set the session invalidation timeout to 1 min using:
1) session-timeout=1 in web.xml,
2) TimeoutSecs=60, InvalidationIntervalSecs=60 in weblogic.xml for the web-app containing the servlet.
We have also tried setting session.setMaxInactiveInterval(60secs) for the servlet. The latter setting does seem to work as verified from a UI client. We are wondering whether weblogic server is not cleaning up the session even after invalidating it.
We are not saving any reference to the Http session in our servlet. So we would think that the weblogic server should cleanp the inactive session after 1 min according to the above setting.
Any help regarding this will be sincerely appreciated. Thanks.
-Rakesh--
Rajesh Mirchandani
Developer Relations Engineer
BEA Support

Session Timeouts (Weblogic/Code)

Weblogic510/Service Pack 6/Sun Solaris 5.6:
If I set the
weblogic.httpd.session.timeoutSecs=300 property it
works but this setting applies to ALL servlets.
The programmatic solution should work because it
is a basic Servlet function! Does anyone know why
the timeout within the code doesn't work?
Any assistance would be greatly appreciated, RK.

Looks like SP8 fixes this problem....
Rick Kalifa wrote:
Weblogic510/Service Pack 6/Sun Solaris 5.6:
If I set the weblogic.httpd.session.timeoutSecs=300 property it works
but this setting applies to ALL servlets. The programmatic solution
should work because it is a basic Servlet function! Does anyone know why
the timeout within the code doesn't work?
Any assistance would be greatly appreciated, RK.

How to disable weblogic built-in HTTP session filter?

Hi,
I want to use my own HTTP seesion filter to manage HTTP session on weblogic clustered servers. It seems that weblogic servers plugin its HTTP session filter already for servlet. How can I use my own HTTP session filter to replace WebLogic built-in session filter?
Thank you for your help.

Could you be more elaborate on your requirement.
Weblogic servers plugin provides a way to handle requests based on url content. or content type and so on, it dosent do much with users sessions other than for session stickyness.

Session-timeout is happening intermittently for few users in weblogic.

Hi,
We have a war file deployed on a cluster. And from the past 3 days, few users are reporting that the session is getting timed out within 30 mins.
Actually the session timeout is set for 240 mins(4 hrs), this is defined in the web.xml file.
And the interesting thing is , this is not happening to everyone. Only few users are facing this session timeout in sometime.
Any suggestions or such experiences!!!

Hi,
What is the exact error that the user is seeing in their browser ?
Does this happen with all browsers ?
Thanks,
Sharmela

OAM Session timeout

Hi All,
I have the following set up configured.
1)Deployed a web application in a plain(non oim suite related) weblogic domain
2)Installed OHS,OAM,OIM and OUD
3)Configured OHS,OAM,OIM and OUD for SSO in OAM with the external URL from the independent weblogic domain
4)Independent Weblogic domain is configured with OAMIdentityAsserter and OUD Authentication provider
My query is as below.
I have the session time out value configured as 600(seconds) in weblogic.xml of the web application.
Now when the access the web application through OHS SSO URL, the session is not waiting for 600 seconds to timeout,but getting invalidated in around 30 seconds.
How to resolve this issue.
Please advice.
I have the following configured in OHS proxy.
<Location /bc>
SetHandler weblogic-handler
WebLogicHost ZZZZZZ.oracle.com
WebLogicPort 9001
</Location>
firebug show the following URL getting hit just after the session invalidation http://ZZZZZ.com/oam/server/obrareq.cgi?encquery%3DHBGRZNUhr5Ucxs
and the following error gets logged in oam server
"Session invalid as returned by CHECK_VALID_SESSION_RESPONSE responseEvent fail>"
Kindly suggest.
Thanks,
Praveen

Verify whats session timeout value present in below config:
http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/session.htm#AIAAG354
To edit the OAM common session settings:
Log in to Oracle Access Manager.
Click System Configuration.
From the Common Configuration panel, double-click Common Settings.
In the Session area:
In Session Lifetime, increase the current value.
In IdleTimeout (minutes), increase the current value.
Click Apply.
~J

In-memory replication of http session is not working in BEA7 cluster

          Hi everyone,
          I have 3 managed servers in Bea7.0 SP4 in a cluster. The client requests are sent
          through apache web server. I have given cluster address as URL in httpd.conf of
          apache server which sends the client requests for dynamic pages such as JSPs and
          servlets to the weblogic cluster.
          Load balancing is working fine. I ensured this from the log files of all the 3
          servers. All the 3 servers are getting different client requests and thus load
          balancing is working.
          Now, I wanted to achieve Fail-over. I do not think that i should use proxy plug-in
          for this. I feel the cluster itself will handle fail-over provided i make the
          http session as memory replicated.
          I updated the weblogic.xml with the following entry :
          <session-descriptor>
          <param-name>PersistentStoreType</param-name>
          <param-value>replicated</param-value>
          </session-param>
          </session-descriptor>
          I guess this is sufficient to make the http session as cluster aware.
          But when I shutdown server1, the user connected to server1 will be kicked out
          of the session and come to login page through server2 or server3 which are running
          fine.
          Could anyone help me to achieve http session as cluster aware. Does it indicate
          that I have to go for WLS proxy – HttpClusterServlet to achieve fail over for
          http session ?
          BTW, for your info, i am using setAttribute() and getAttribute() while manipulating
          the session.
          thanks in advance.


          Hi Ryan,
          Thanks for ur valuable input.
          I can see failover working.
          But, I can not continue with the same session in my application.
          I printed session Ids before and after failover, I found both are different.
          I guess session replication is a responsibility of weblogic/apache plugin.
          If not please let me know which all settings I should do to make failover working?
          Thanks again.
          Plad
          "ryan upton" <ryanjupton at learningvoyage dot com> wrote:
          >Plad,
          >
          >Are you trying to gracefully shut down the server? If you are then the
          >problem that you say you can't identify is simply the server's default
          >behavior which is to wait for all non-replicated sessions to be dropped
          >or
          >timed out before killing the process. Try forcing the shutdown: kill
          >-9 the
          >PID or CTRL-C if you started the server from the command line. You can
          >also
          >check the ``Ignore Sessions During Shutdown" checkbox under the server's
          >control tab in the admin console, this should allow you to shut down
          >gracefully without waiting for session timeout. BTW your sequence is
          >off
          >in #5 below, the replication doesn't occur upon failure, the replication
          >has
          >already happened once you created the session object on the first server,
          >I
          >think maybe you're confusing replication with failover.
          >
          >~RU
          >
          >"Plad" <[email protected]> wrote in message
          >news:[email protected]...
          >>
          >> Hi,
          >> I have 2 managed servers in a cluster.
          >>
          >> 1. I have got a DNS name configured which maps to these 2 managed server's
          >IP
          >> addresses.
          >> 2. I can browse my site using this DNS name.
          >> In HTTPD.conf I have :
          >>
          >> ServerName dev.a.b.net
          >>
          >> <IfModule mod_weblogic.c>
          >> WebLogicCluster 10.1.38.232:7023,10.1.34.51:7023
          >> MatchExpression *.*
          >> </IfModule>
          >>
          >> LoadModule weblogic_module modules/mod_wl_20.so
          >>
          >> 3. I have adeded session descriptor in weblogic.xml , also enabled
          >proxy
          >plugin
          >> in weblogic console.
          >>
          >> 4. I tested accessing my application using DNS url after shutting down
          >alternatively
          >> each manaed server. I can access application.
          >>
          >> 5. Now, problem comes when I access a managed server1 , keeping server2
          >down.
          >> I am able to access my application.
          >> Now, I start the server2.
          >> (Here I am supposing that replication should occur)
          >> Then I am shutting down server1.
          >> But, this time the server log shows me following:
          >>
          >>
          >> 9:58:51 AM GMT+05:30 NOTICE Web application(s) chlist still have
          >non-replicated
          >> sessions after 2 minutes of initiating SUSPEND. Waiting for non-replicated
          >sessions
          >> to finish.
          >> 10:00:51 AM GMT+05:30 NOTICE Web application(s) chlist still have
          >non-replicated
          >> sessions after 4 minutes of initiating SUSPEND. Waiting for non-replicated
          >sessions
          >> to finish.
          >>
          >> I am unable to make out where the problem is?
          >> Can it be a problem of Liecense? Is there any specialcluster liecense
          >for
          >weblogic8?
          >>
          >> Hoping to get replies.
          >> Thanx.
          >> Plad
          >>
          >> "ryan upton" <ryanjupton at learningvoyage dot com> wrote:
          >> >See my reply to your first post, but I've also added a few comments
          >here.
          >> >
          >> >"jyothi" <[email protected]> wrote in message
          >> >news:[email protected]...
          >> >>
          >> >> I guess someone from bea support team only can answer both your
          >question
          >> >and mine.
          >> >> As per my knowledge, we do not need to do any setup at Apache
          >side
          >> >regarding
          >> >> cluster other than mentioning cluster address as URL while
          >contacting
          >> >WLS
          >> >> from apache.
          >> >>
          >> >> I hope someone from Bea, will help us. I do not think that we
          >> >go for
          >> >WLS
          >> >> proxy plug-in using HttpClusterServlet for making session replication.
          >> > I
          >> >strongly
          >> >> feel that the cluster itself be able to manage the fail-over of
          >> >http
          >> >sessions
          >> >> provided we put the entry "PersistentStoreType" in weblogic.xml
          >> >regarding
          >> >> the session replication.
          >> >>
          >> >
          >> >The cluster does handle the management of Sessions. The clustered
          >> >applications still create the Session objects and the cluster manages
          >> >them
          >> >as per your deployment descriptor settings (replicated, JDBC, File)
          >however
          >> >the proxy has to be aware of which server the client has an affinity
          >> >for
          >> >(only with replicated sessions) and it does that by reading a cookie
          >> >passed
          >> >back from the server that handled the initial request and created
          >the
          >> >primary session object. The proxy has a list of both the primary
          >and
          >> >secondary server locations from this cookie that it can use to failover
          >> >the
          >> >request if the primary server fails. Clusters _DO NOT_ failover nor
          >> >do they
          >> >load balance, that's the job of your proxy, whether you're using the
          >> >HTTPClusterServlet, WLS Plug-in or a more sophisticated hardware load
          >> >balancer like Big IPs F5
          >> >
          >> >> jyothi
          >> >>
          >> >
          >> >~RU
          >> >
          >> >
          >>
          >
          >

Com.essbase.eas.essbase.defs.ServerCommands.Connect - Session timeout

Hello,
I set essabse as a cluster on 2 win 2008 64 bit server (active, passive), EAS console runs on both servers as actvie active, we set a loadblanace infront of those 2 server to have EAS loadbalanced
if I do accsess EAS directly to the server http://<hostA>:10080/easconsole/console.html or http://<hostB>:10080/easconsole/console.html all works fine
As soon I am using domain name and go though loadbalance http://<domainname>:10080/easconsole/console.html I am getting the errror below:
com.essbase.eas.essbase.defs.ServerCommands.Connect February 12, 2013 2:56:51 PM EST Session timeout Failed : -1 Your session is not currently authenticated. Please log in.
EAS version: 11.1.2.2.1

Is it the web console, I take it you are using a http server such as OHS in front of the EAS WebLogic cluster, if so does it work through the http server or is still the same, how are sessions handled on the load balancer are they set up as sticky.
Cheers
John
http://john-goodwin.blogspot.com/

Data to be persisted in database on session timeout

Environment :
weblogic version 8.1 , application based on MVC 2 model.Ours is a web based application using JSP , servlets and java beans.
Screnario :
We are collecting the data from different screens where the user travers's and storing it in the session object.
Problem :
We want to store the Data in database on session timeout. Whether weblogic provides any API Or Can we use session detroyed method of http session listener for the same. How this solution will work in a clustered environment?
How stable will be the solution if at all we use session listener ?
Restrictions :
We dont want to hit the database each time the user traverses the screens.
We cant use EJB for the same.
We cant increase the session timeout as it may hold the resources for use.

Any suggestions plz

Portal Session Timeout - ICM/Webdynpro/POWL

Hi Experts,
We are having SRM Portal which has POWL Webdynpro and other applications running.
SRM Portal is a seperate JAVA Instance and integrated to backend with SSO enabled.
We have Logon Ticket Timeout set as default 8 Hours and the Session Timeout in Portal set as 2 Hours (Server>services>webcontainer>properties>Session Timeout).
For the ABAP backend, we have rdisp/plugin_auto_logout-->7200 (2 Hours) and ICM timeout as remommeded by SAP as icm/server_port_0 = PROT=HTTP,PORT=8012,TIMEOUT=90,PROCTIMEOUT=600
Now the problem is:
1. Users connected to portal and work on any POWL Iviews has an idle time of two hours-->we get the ICM session timeout error page.
2. Sometimes Users get the Login screen of portal within the Navigation Frame which can be identified as the Ticket Expiration
Is there a possibility to control the behavior of portal to avoid these error pages to Users like if the timeout happened in backend, there should be auto refresh if the user clicks the application.
And if the ticket expired, the portal should refresh to the home screen on clicking any Iview.
We tried the IDLE timeout pop up and in Vain, you could see my another post on the same.
Portal Idle Pop Up
Regards,
Sethu

Hi,
Read SAP note 705013,
I think adjusting the kernel parameters, rdisp/gui_auto_logout and rdisp/plugin_auto_logout will help.
Try adding below parameters in the Instance profile.
icm/keep_alive_timeout 3600
icm/conn_timeout 5000
Regards,
Venkata S Pagolu

Session Timeout directly taking to login page

Hi,
In our application when session time out happens, it is directly taking to login page, instead of showing the time out error message . We have a CustomExceptionHandler defined in our application. When I debugged, I identified that the following error message
<StateManagerImpl><restoreView> Could not find saved view state for token -ppfn0o4n8 (*ADF_FACES-30107)*
comes when user clicks login the second time.
We want to know how to get the error message first before it goes to the login page? Any configuration we are missing?
Here is our applications web.xml
<?xml version = '1.0' encoding = 'UTF-8'?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
<description>Empty web.xml file for Web Application</description>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>jndiContext</param-name>
<param-value>inv</param-value>
</context-param>
<context-param>
<param-name>UserEnvironmentName</param-name>
<param-value>UserEnvironment</param-value>
</context-param>
<context-param>
<param-name>CacheConfigureFile</param-name>
<param-value>inv-cache.xml</param-value>
</context-param>
<context-param>
<param-name>SecurityRepositoryClass</param-name>
<param-value>oracle.communications.inventory.api.framework.security.impl.SecurityRepositoryImpl</param-value>
</context-param>
<context-param>
<description>Whether the 'Generated by...' comment at the bottom of ADF Faces HTML pages should contain version number information.</description>
<param-name>oracle.adf.view.rich.versionString.HIDDEN</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>oracle.adfinternal.view.rich.libraryPartitioning.ENABLED</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>ilog.views.faces.CONTROLLER_PATH</param-name>
<param-value>/_contr</param-value>
</context-param>
<context-param>
<param-name>ilog.views.faces.CONTENT_LENGTH_ENABLED</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>If this parameter is true, there will be an automatic check of the modification date of your JSPs, and saved state will be discarded when JSP's change. It will also automatically check if your skinning css files have changed without you having to restart the server. This makes development easier, but adds overhead. For this reason this parameter should be set to false when your application is deployed.</description>
<param-name>org.apache.myfaces.trinidad.CHECK_FILE_MODIFICATION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<param-name>APPLICATION_NAME</param-name>
<param-value>Unified Inventory Management</param-value>
</context-param>
<context-param>
<param-name>COPYRIGHT_FROM_YEAR</param-name>
<param-value>2007</param-value>
</context-param>
<context-param>
<param-name>COPYRIGHT_TO_YEAR</param-name>
<param-value>2011</param-value>
</context-param>
<context-param>

<param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_MEMORY</param-name>

<param-value>512000</param-value>
</context-param>
<context-param>

<param-name>org.apache.myfaces.trinidad.UPLOAD_MAX_DISK_SPACE</param-name>

<param-value>104857600</param-value>
</context-param>
<filter>
<filter-name>trinidad</filter-name>
<filter-class>org.apache.myfaces.trinidad.webapp.TrinidadFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.communications.inventory.api.framework.listener.ContextListener</listener-class>
</listener>
<listener>
<listener-class>oracle.communications.inventory.ui.framework.IlogContextListener</listener-class>
</listener>

<listener>
<listener-class>
oracle.communications.inventory.cartridge.deploy.CartridgeInstallerServletContextListener
</listener-class>
</listener>
<persistence-context-ref>
<persistence-context-ref-name>persistence/EntityManager</persistence-context-ref-name>
<persistence-unit-name>default</persistence-unit-name>
</persistence-context-ref>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<servlet>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.GraphServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>BIGAUGESERVLET</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.gauge.GaugeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>MapProxyServlet</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.geoMap.servlet.MapProxyServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>GatewayServlet</servlet-name>
<servlet-class>oracle.adfinternal.view.faces.bi.renderkit.graph.FlashBridgeServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>media</servlet-name>
<servlet-class>oracle.communications.inventory.ui.media.servlet.MediaServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>BIGRAPHSERVLET</servlet-name>
<url-pattern>/servlet/GraphServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BIGAUGESERVLET</servlet-name>
<url-pattern>/servlet/GaugeServlet/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MapProxyServlet</servlet-name>
<url-pattern>/mapproxy/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/bi/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>GatewayServlet</servlet-name>
<url-pattern>/flashbridge/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>media</servlet-name>
<url-pattern>/media_image</url-pattern>
</servlet-mapping>
<resource-ref>
<res-ref-name>wm/ruleWorkManager</res-ref-name>
<res-type>commonj.work.WorkManager</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Unshareable</res-sharing-scope>
</resource-ref>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>addAllRoles</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>jaas.mode</param-name>
<param-value>doasprivileged</param-value>
</init-param>
</filter>
<filter>
<filter-name>ADFLibraryFilter</filter-name>
<filter-class>oracle.adf.library.webapp.LibraryFilter</filter-class>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>ADFLibraryFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>resources</servlet-name>
<servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adflibResources</servlet-name>
<servlet-class>oracle.adf.library.webapp.ResourceServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/InventoryUIShell</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Controller</servlet-name>
<servlet-class>ilog.views.faces.IlvFacesController</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/adf/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>resources</servlet-name>
<url-pattern>/afr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adflibResources</servlet-name>
<url-pattern>/adflib/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Controller</servlet-name>
<url-pattern>/_contr/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>35</session-timeout>
</session-config>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsff</url-pattern>
<is-xml>true</is-xml>
</jsp-property-group>
</jsp-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>allPages</web-resource-name>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured resources</web-resource-name>
<url-pattern>/images/</url-pattern>
<url-pattern>*.png</url-pattern>
<url-pattern>*.gif</url-pattern>
<url-pattern>*.jpg</url-pattern>
<url-pattern>*.jpeg</url-pattern>
<url-pattern>*.bmp</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>*.js</url-pattern>
<url-pattern>/css/*</url-pattern>
<url-pattern>/afr/blank.html</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/faces/login.jspx</form-login-page>
<form-error-page>/faces/error.jspx</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
<welcome-file-list>
<welcome-file>/faces/InventoryUIShell</welcome-file>
</welcome-file-list>
</web-app>

hi
this can be done using a simple "Servlet Filters" which will check whether the user session is valid or not. so for every connect to the server the filter runs and redirects to the login page if the session has expired. here you can configure your filter to be activated for every URL or a patterns of urls.
u need servlet2.3 supported server for this.
hope this helps
shrini
I have an business j2ee application run on oc4j. When the session timeout declared on the web.xml expire, i want to redirect automaticaly the user to my login.jsp to force him to reconnect. I try j_security_chek, but i want to restart the business application at the top and not to the page which are request. Somebody know who i can do this mechanism. I try too special tag in jsp, this run very good but i have to repeate this call on every page. I look for an other simply mechanism to that
Thanks

Re: [iPlanet-JATO] Re: session timeout when not submitting to a handler

Mark--
I know what's happening here, but am curious about your approach. You said
in an earlier email that you were generating links directly to JSPs, but
from what you are describing, you are generating JATO-style links to access
JATO pages. Nothing wrong with that, but there is a signficant difference.
Actually, it just occurred to me, I'm wondering what your URLs look like.
The way the request dispatching works in JATO is it ignores anything after
an initial "." in the final part of the URL path. For example, a request
for "/myapp/module1/MyPage.jsp" doesn't actually try to hit the JSP, instead
it tries to hit the JATO page "/myapp/module1/MyPage".
The end result is that you may think you are accessing a JSP directly, but
are instead accessing a JATO page. The reason the request dispatching works
this way is because it is illegal to access JATO JSPs directly, and there is
actually a (disabled) JATO feature that piggybacks on the use of the
dot-delimited URL.
So, now I need to understand your intent. I wasn't really sure why you were
generating direct JSP/page links to begin with. This works against the Type
II architecture JATO uses, in which all JATO requests go back to the
controller servlet.
If you are trying to design something like a menu page, you may have thought
that it was burdensome to create a number of HREF children, plus implement
event handlers for each of them. This definitely would be burdensome beyond
just a handful of links, but this is why JATO provides other mechanisms for
doing what I'll call here "polymorphic HREFs".
Assuming this menu page scenario, the easiest thing to do is to simply use
one HREF child on the page, and add a value to it each time it is rendered
that distinguishes it from the other instances on the page. In your event
handler for the HREF, you simply check this value and use it to decide which
page to forward to. You can add a value to an HREF or Button by using the
"addExtraValue()" method. Or, if you are using JATO 1.2, you can add extra
query string NVPs right in the JSP document using the "queryParams"
attribute of the <jato:href> tag. Thus, your one HREFchild and event
handler become "polymorphic" because what they do depends on the context in
which they are invoked.
Now, I still don't have confirmation that this is what you were trying to
do, so until I do, let me explain the exception you're seeing. JATO assumes
that when a request comes in for a page that includes the pageAttributes
NVP, it is a request coming from a previously generated JATO page. Because
of the way JATO works, this means that the request dispatching code should
send the request back to the originally rendered page. For example, if Page
A renders an HREF, which the user then activates, JATO sends the request
back to Page A for handling. All of the HREFs and forms generated during
rendering of Page A actually refer back to Page A, regardless of where those
links or buttons actually pass the request in their event handlers/Command
objects.
So, what's happening when you include the pageAttributes in your HREFs is
that JATO is assuming that a request is being sent to the target page, with
the assumption that the target page has a mechanism in place to handle the
request. This assumption relies on the specification of the "originator" of
the request being specified in the request. For links/HREFs, the name and
value of the HREF is sent along with the request. For forms, the name and
value of the button that was pressed are sent in the request. JATO uses the
presence of these name/value pairs to decide which event handler, or which
Command object, to invoke to handle the request.
The exception you are receiving is saying that there was no object on the
target page that indicated it could handle the request. This is to be
expected, since you have not specified a query parameter that indicates
which CommandField child is responsible the request. However, this is where
I see the disconnect, because that is not what I believe you were trying to
do (as explained above).
So now, given all the information above, can you tell me what you're trying
to accomplish, and whether or not the info I've given you has helped you to
design a mechanism more in line with a JATO approach? If not, given that I
understand what you're trying to do, I can offer a more concrete solution.
Todd
----- Original Message -----
From: <Mark_Dubinsky@p...>
Sent: Monday, November 05, 2001 2:54 PM
Subject: [iPlanet-JATO] Re: session timeout when not submitting to a handler
This is the exception we get:
(And BTW, leaving a blank value for the pageAttributes doesn't help)
[05/Nov/2001 17:49:18:4] error: <portalServlet.processRequest>
javax.servlet.ServletException: The request was not be handled by the
specified handler
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled Code)
at
javax.servlet.ServletException.<init>(ServletException.java:107)
at
com.putnaminvestments.common.jato.ApplicationServletBase.dispatchRequ
est(Compiled Code)
at
com.putnaminvestments.common.jato.ApplicationServletBase.processReque
st(Compiled Code)
at
com.putnaminvestments.bp.portal.portalServlet.processRequest(Compiled
Code)
at
com.putnaminvestments.common.jato.ApplicationServletBase.doPost(Compi
led Code)
at
com.putnaminvestments.common.jato.ApplicationServletBase.doGet(Compil
ed Code)
at javax.servlet.http.HttpServlet.service(Compiled Code)
at com.putnaminvestments.bp.bpServletBase.service(Compiled
Code)
at javax.servlet.http.HttpServlet.service(Compiled Code)
at
com.netscape.server.servlet.servletrunner.ServletInfo.service(Compile
d Code)
at
com.netscape.server.servlet.servletrunner.ServletRunner.execute(Compi
led Code)
at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
at com.kivasoft.applogic.AppLogic.execute(Compiled Code)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Native Method)
at com.kivasoft.thread.ThreadBasic.run(Compiled Code)
at java.lang.Thread.run(Compiled Code)
--- In iPlanet-JATO@y..., "Todd Fast" <Todd.Fast@S...> wrote:
Mark--
Initially we tried to add the pageAttributes NVP as well, but that
was
causing an exception, so we stopped doing that.That's odd--what was the exception?
Our problem now is that when the SessionTimes out it does not go
to
onSessionTimeout method as in processRequestMethod of the
ApplicationServletBase it looks for pageAttributes. If it is notnull
then only onSessionTimeOut method is called.This is sadly the only technique for determining if a session hastimed out
and a new one been created, versus the initial creation of thesession.
Is there any work around for this? Maybe you can suggest how topass
the pageAttributes without causing the initial exception?Definitely--let me know what the exception was and I'll be able tosuggest
something. However, it shouldn't really be any harder thanappending a
"jato.pageAttributes=" empty NVP on the HREF.
Todd
Todd Fast
Senior Engineer
Sun/Netscape Alliance
todd.fast@s...
For more information about JATO, please visit:
http://developer.iplanet.com/tech/appserver/framework/index.jsp

OK, here's what I'm trying to do: We have, like you said, a menu
page. The pages that it goes to and the number of links are all
variable and read from the database. In NetD we were able to create
URLs in the form
pgXYZ?SPIDERSESSION=abcd
so this is what I'm trying to replicate here. So the URL that works
is
pgContactUs?GXHC_GX_jst=fc7b7e61662d6164&GXHC_gx_session_id_=cc9c6dfa5
601afa7
which I interpreted to be the equivalent of the old Netd way. Our
javascript also loads other frames of the page in the same manner.
And I believe the URL-rewritten frame sources of a frameset look like
this too.
This all worked except for the timeout problem. In theory we could
rewrite all URLs to go to a handler, but that would be...
inconvenient.

What is the difference between Session timeout and Short Session timeout Under Excel Service Application -- session management?

Under Excel Service Application --> session management; what is the difference between Session timeout and Short Session timeout?

Any call made from the API will automatically be set to the “Session Timeout” period, no matter
what. Calls made from EWA (Excel Web Access) will get the “Short Session Timeout” period assigned to it initially.
Short Session Timeout and Session Timeout in Excel Services
Short Session Timeout and Session Timeout in Excel Services - Part 2
Sessions and session time-outs in Excel Services
above links are from old version but still applies to all.
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

Session timeout while in a bounded taskflow.

Hi all,
I have ADFSecurity configured on project.
If a session timeout occurs while we are in view1,(click dialog ok button) is redirect to login.
If a session timeout occurs while we are in some-btf,(click dialog ok button) isn't redirect to login. White page with text Session expired appears.
How can we redirect to login when a session timeout occurs while we are in a bounded TF?
I already try to add servlet filter on the FacesServlet, but when i click on the ok button, the filter isn't called.
Using JDev 12.1.3
Thanks in advance.

Session expiry has changed in 12.1.3 (see https://java.net/jira/browse/ADFEMG-264).
Have you configured the session timeout warning?
How?
Do you use the filter approach?
Have you installed an error handler in the bounded task flow?
Timo

Weblogic HTTP Sessions timeouts

Similar Messages

Maybe you are looking for