Whether to use cookie for session mgmt

Similar Messages

• ApplicationPoolException: JBO-30006: The cookie for session

  Hi
  Presently we are using the followings s/w for our product development:
  1.     JDeveloper 11g (11.1.1.0.2) - yet to migrate to JDev 11g R1 (11.1.1.1.0)
  2.     Weblogic 10.3.0
  3.     Target Browser Client is IE7 – and to extend to FF3+
  Now we have completed few of the modules and is in the process of moving to Customers Beta Env. During our testing we are getting some sort of JBO errors (server log) and the browser displays ‘Cancel or Retry’ message.
  A portion of error message from the stack trace has been pasted below
  oracle.jbo.common.ampool.ApplicationPoolException: JBO-30006: The cookie for session 0K5ZKVDL7wNcJ2qXTkQhjCQvq0sJSykgnV8P0WQMvNqdbF9QdThk!1335475191!1247101864354 and application 378381615_1_PcmsSysDataControl_$beandc$_ is not a valid handle for application pool, InternalDCAMs. The cookie may not be used to access this pool instance.
  at oracle.jbo.common.ampool.ApplicationPoolImpl.validateSessionCookieInPool(ApplicationPoolImpl.java:3496)
  at oracle.jbo.common.ampool.ApplicationPoolImpl.removeSessionCookie(ApplicationPoolImpl.java:769)
  at oracle.jbo.common.ampool.SessionCookieImpl.removeFromPool(SessionCookieImpl.java:609)
  at oracle.jbo.common.ampool.SessionCookieImpl.destroy(SessionCookieImpl.java:528)
  at oracle.jbo.common.ampool.SessionCookieImpl.timeout(SessionCookieImpl.java:586)
  at oracle.adf.model.bc4j.DCJboDataControl.releaseImmediateAMUnmanaged(DCJboDataControl.java:2414)
  at oracle.adf.model.bc4j.DCJboDataControl.releaseApplicationModule(DCJboDataControl.java:2324)
  The present scenario:
  1.     ADFModel1.jar - An ADF Model Project contains a set of views to be used across multiple Model projects by Importing Business Components.
  2.     ADFModel2.jar - This project uses ADFBC import from the above model project – ADFModel1.jar
  All the view implementations are available here as the Core Model
  3.     ADFModel3.jar - Imports ADFModel2.jar – used as a Customization layer (refer error message above - PcmsSysDataControl)
  4.     ViewController.war - Contains all the JSPX, Page Defs, Html, JS, CSS, Images
  Both ADFModel3.jar and ViewController projects are under a separate .jws (Application Workspace) and running as a separate application. Similar way all other applications have been modeled.
  Both ADFModel2 and ADFModel3 has the DataSource Names defined. Please help us to resolve this issue.
  If you need any more info, please let me know
  Krish

  have you ever solved the problem? I have a similar issue on Linux RedHat with a load-balanced cluster of Tomcat. The strange thing is that only one of the servlets always issues the problem. The incriminated app module is created with "Configuration.createRootApplicationModule..." and released at the end. I have a similar servlet that creates the same app module with the same command and has no problems.
  The ADF Team, what does it say about?
  Thanks

• Urgent: how to use cookies or session in javafx

  Hi....
  i am new to javafx and need help to learn how to use cookies and session in javafx.i want to create a simple website using javafx.....
  Urgent reply is requested
  mufaddal

  Please correct me if I'm wrong: I think LiveConnect is not supported on IE, and Mozilla has plans to discontinue it.
  Didn't an earlier version of JavaFX allow access to the Applet instance, including the AppletContext? Seems to me, just generally, that JavaFX applets are hobbled unless they have that functionality available. Cookies are one example. Also applet parameters, hyperlinks, and the browser status display.
  Especially hyperlinks.

• Use cookies or sessions or what?

  I am using frames on Web Site One, with a frame on Web Site
  One pointing to Web Site Two (I own both web sites).
  Problem: Web Site Two needs remember variables in the Web
  Site Two frame displayed on Web Site One.
  When I use cookies on Web Site Two, they work fine when
  actually on Web Site Two. But cookies will not work in the Web Site
  Two frame on Web Site One.
  I have tried using cfcookie with the domain setting, but it
  doesn't work... probably because they are completely different
  URLs.
  I have tried using session variables, which also work on Web
  Site Two when on that web site, but not when accessing Web Site
  Two's pages in a frame on Web Site One.
  Is there a way to retain variables within a frame on Web Site
  One that is pointing to a completely different URL? Again, I have
  complete access to the coding on both web sites.

  Only if you pass the variable in a url in that frame.
  Sessions and Cookies (
  in many cases the same thing) are domain specific, and not
  only would this not be allowed security-wise by the browser, but CF
  will attempt to stop it as well.
  What you are attempting is basically cross-site scripting.
  Passing a variable to the url of each fram ewould be the only
  way to send the same variable to a completely different website.

• Bug in Presentation services - using cookies for GET requests

  Hi,
  I am implementing OBIEE bridge to integrate report in to 3rd party web applications.
  I am creating page using the following syntax:
  *string pageId = htmlViewService.startPage(new StartPageParams() { dontUseHttpCookies = true }, sessionId);*
  Even though its clearly stated not to use Cookies, my guess is that below request is failing because it is expecting cookies:
  http://localhost/Bridge?RedirectURL=saw.dll%2fuicomponents/common/common.xml?fmapId=KqIJCw
  returns with the response
  OBIPSNotLoggedIn
  I have tried to inject all headers and all cookies in the request, but its not helping. Can someone help me in this?
  I will really appreciate any help.
  Thanks!

  Irrespective of building EVALUATE expression (using constant only) in the RPD BMM logical column or just in Answers there are some rules:
  1. RPD/Answers
  If you want to query just EVALUATE expression without some other column then this is must do (example):
  Column1:
  case when 1=2 then PRODUCTS.PROD_CATEGORY else EVALUATE('TO_CHAR(%1)' as char, 100) end
  Evaluate is using only constant. We place presentation attribute inside the case to make navigator to handle this request.
  2. Answers
  You can use only EVALUATE('TO_CHAR(%1)' as char, 100) in the Answers column expression but only in combination with another presentation attribute, cannot have only EVALUATE('TO_CHAR(%1)' as char, 100) in the request.
  Column1: PRODUCTS.PROD_CATEGORY
  Column2: EVALUATE('TO_CHAR(%1)' as char, 100)
  Regards
  Goran
  http://108obiee.blogspot.com

• Advice on whether to use ASM for 11gR2 databases

  Hi all,
  Hope I can get some advice here for ASM.
  I'm going to upgrade all my 10.2 EE databases to 11gR2, and I will not be running RAC, only single instances and Data Guard. My storage is HP SAN. I wonder if it is worth the trouble (in our small shop) to run ASM.
  Currently, my backups are done from a SAN perspective only, meaning that whatever is in the SAN storage is backed up.
  How do I back up the files in ASM? Do I have to copy the backupsets to file system first ?
  Thanks!
  June

  fjfranken wrote:
  For small databases performance gain is zero, you only add complexity where a normal file system would be sufficient.Disagree.
  Also, the reasoning is not valid. ASM works at device level. Not at cooked file system level.
  This means that ASM directly uses the LUN (seen as a local scsi device) of the SAN. See LUN. Use LUN. That simple.
  Not using ASM means that the o/s needs to be updated and configured. That LUN needs to be mounted. It needs to be formatted. The mount needs to be made permanent (via fstab or whatever).
  This makes ASM less complex and cooked file system more complex.
  Also consider that the mount and its contents are exposed to other s/w and processes and users. This raises issue such as access control and security - and the possibility of errant s/w trashing a database file because it happens to be running on the wrong mount or wrong directory.
  This is not the case with an ASM diskgroup as it is not mounted and not visible as a normal cooked file system.
  And if a cooked file system feature needed for a non-database files, an ACFS volume can be created in the diskgroup and mounted as a clustered file system. So it is not as if you loose the option of having a cooked file system on a LUN, when using ASM.
  Database size has nothing to do with the decision between cooked file system or ASM when using SAN LUNs. Ease of use, manageability, and feature set, have. From this perspective a cooked file system for database storage is old and clunky and insecure, and ASM is flexible, performant, scalable and secure.

• I cannot remain logged into a site that uses cookies for authorization.

  I have tried everything I can think of. All of my settings are set to allow cookies. LiveJournal won't let me post. Help is appreciated!

  From your Safari menu bar click Safari / Preferences then select the Security tab.
  Click: Show Cookies
  Delete all the LiveJournal cookies.
  Now empty the Safari cache either from the menu bar, Safari / Empty Cache or Option + Command + E on your keyboard.
  Quit then relaunch Safari. If that didn't help, if you use an ad blocker, disable that, then try again.

• Use cookies with sessionManagement?

  I'm trying to create cookies that I can pass to subsequent
  webpages - all of my webpages are controlled by an Application.cfm
  file with sessionManagement turned on (enabling session variables).
  When a user logs in, I create a cookie for his org name (i.e.
  <cfcookie name="orgname" value="#org_name#"
  domain=".sprint.com">. With the debugger on, I can see the
  cookie set on the login page. However, when I go to another page,
  the debugger no longer shows the cookie. I only see CFID and
  CFTOKEN.
  Are we not allowed to use cookies with session
  management?

  Are we not allowed to use cookies with session management?
  Sure you are. What version of CF. There was some cookie
  issues with
  older, pre 5.0, versions of ColdFusion.
  Are you doing anything on the subsequent pages with the
  cookie? I'm not
  sure a cookie would show up in debugger on any page if you
  are not
  writing or reading it on that given page.

• Always use URL Rewriting for session tracking?

  All you JSP guru:
  I am working on a JSP project that requires session tracking. I have successfully implements session tracking with both cookies or URL rewriting. I know that with the HttpSession object, it will always try to use cookie first, if that's disabled, then it'll automatically switch to URL rewriting. However, is there a way to force the HttpSession object to ALWAYS use URL rewriting instead of cookies? I have searched for an answer for a long time and haven't been able to found a solution. Is it possible at all? Thank you very much.

  i was going to say that WebSphere always uses URL rewriting if you enable it at all, but someone beat me to it (indirectly) :-)
  however, that seemed to me to be a violation of the spec, which seemed to imply the behaviour you're describing (only use URL rewriting if cookies are not supported on the current client)
  here's a response someone else made on a websphere newsgroup to a statement in that regard:
  I believe you are technically correct. However from my
  experience, I think the spec if flawed in this area since
  there is no reliable way of determining whether the
  client browser supports cookies. The authority on
  cookies (www.cookiecentral.com) says:
  "To properly detect if a cookie is being accepted via
  the server, the cookie needs to be set on one HTTP
  request and read back in another. This cannot be
  accomplished within 1 request."
  This is asking too much of a servlet engine
  implementation. Even if it did submit a request for this
  purpose, the user could refuse the cookie. So
  then technically the browser supports cookies, but the
  servlet engine infers it doesn't. So if the servlet engine
  infers the browser does not support cookies and so
  encodes the URL, it is again out of spec because the
  browser really does support cookies. By doing it
  however encoding is configured makes things simpler,
  robust, consistent and avoids the flaw.
  My opinion.so, mostly i'm just rambling, but if you're using websphere, you should get the behaviour your boss wants. if you're using something else, i suppose there's a chance it'll "violate" the spec in this same, potentially helpful way.
  btw, i remember somebody else complaining that URL rewriting is less secure than cookies, but i kinda think they're about equal. it seems like either could be intercepted by a sniffer and then used to spoof. but i'm no expert in that stuff...

• Cache file(pdf) in user's browser using Servlet -Cookie, or Session

  How can I save a file (pdf) in the cache of a browser (IE 6) in a user's computer? I am using Servlet and Tomcat 4.1.24. PDF file is sitting in server (remote computer) under a URL space.
  The idea is to NOT to download the pdf file on user's computer (from the remote server) if the user has a cached copy of the pdf file and pdf file in the server is the same as the pdf file in the browser. If cached pdf is different from pdf in browser, or, if the user does not have that pdf file in cache, then download pdf file from the server.
  Can I come up with a way to use Cookie class? Cookie class does not have an API which will let me save a file in it. I could have saved the pdf file in the Cookie with 999999999 setMaxAge. Is storing that pdf file in session the only choice? I do not see session serving my purpose - session should not be valid for a longgg duration e.g. week or month.
  Also, how would I create a file whne I am given a URL to that file.
  URL fileInServer = new URL("http://www.myDomain.com/myWebApp/PDF/my.pdf);
  URLConnection conn = fileInServer.openConnection();
  Does getContent() help and what are the steps after that?
  Any help with the source code will be appreciated.
  Thanks,
  Sam
  [email protected]

  I am NOT creating this PDF file on the fly. This pdf file is sitting in the server (remote machine) under URL e.g. http://10.10.10.xxx:8081/myApp/PDF/my.pdf
  I need to check if this pdf file is in the cache in user's computer (differnt machine than the server) and if the cached pdf is the same as the pdf in the server. If that file is not in the cache, or if they are not the same, then, I need to save the pdf file from the server into user's browser cache.
  I am writing all that code in Servlet. I can save the file in session. I do NOT know how else can I cache the file, other than saving it in session. I can not think of any setHeader() which will let me save a file in user's browser cache. Headers like If-Modified-Since are of no help, as it does not let me compare file in browser cache with the file in server.
  Also, how would I create a file, given a URL to that file.
  URL fileInServer = new URL("http://www.myDomain.com/myWebApp/PDF/my.pdf");
  URLConnection conn = fileInServer.openConnection();
  Do I use getContent()? What are the steps after that?
  Thanks,
  Sam
  [email protected]

• Please help me-it's urgent,maintaining session and security using cookies.

  hi folks,
  i presently developing a web site for an engineering colleege ,i am facing prob in maintaining the session using cookies,and destroying a cookie and keeping security to the user,There are four links on my webpage ,including a logout link,when i click the other links other than the logout,it works perfectly,and when i click the logout link,i am not able to disable the cookie and still able to visit previous pages by clicking the back button.please give a suggestion as such to disable the cokie and maintain the security for my web site.
  Thank u....

  Try out this login if it helps you.
  Create a bean that stores some String value. Then make a object of this bean using the useBean tag with session scope when a user logs in. Store the name of the user in the bean and also set the same name value in the Session object. Then on every JSP page compare the value set in the session object with the bean variable (which will be having a session scope). If the value match, then the JSP page output must be displayed to the user. Then on the logout link, invalidate the session object using the invalidate() method of the session class. As a result now when you will try to navigate back to the old JSP page, null will be returned to you when you will try to retrive the name value from the session object. And since this null will not match with the value in the bean, you should not proceed further with generating the output. Hope this help
  Nirav ([email protected])

• Sites identified to allow, allow for session or block cookies in exceptions diappear

  I identify sites to allow, allow for session or block cookies in the exception tab in the privacy tab. These sites all disappear when Firefox is closed without any action on my part. I have to repeatedly reenter the sites again. How do I arrange to make the remain until I make a change?

  Do not use [[Clear Recent History]] to clear the "Cookies" and the "Site Preferences"
  Clearing "Site Preferences" clears all cookies, images, pop-up windows, software installation, and password exceptions.
  * http://kb.mozillazine.org/Cookies

• Invalid session cookie supplied for session

  Hi!
  I am receiving this message in the jserver logs:
  Invalid session cookie supplied for session test.site:1178135737779:-391743236040311715:2617822910155903052.
  The operation will fail.
  Repeat the request with a valid session cookie.
  I can access the web client, i can start the vt420, but any other application that spawns a new browser windows fails. This is a standard install in Suse Linux.
  Thanks in advance

  I'm getting the same thing, and I know I shouldn't be. I've installed 4.2 many times, and even had 4.3 going on the Sun Ray server last week and it was fine. But now when trying to do a stand alone install, I can't seem to get past this.
  Using Solaris x86, been working on this 2-3 days trying Sol10u3 no patches, latest patches, Xorg, Xsun, everything I can think of. I can't fathom why it worked on the exact same box, same OS.. (But it was running Sun Ray server software), and now with a fresh OS install, and it's doing this.
  I also noticed it wanted to add itself to /home/ttasys/.ssh/known_hosts, I've never had a home directory for these users before. Made the home directory since I was fresh out of ideas, now it's just one less error message with the same result.

• How can I change the default cookie-preference dialog-button to "allow for session" instead of "allow?"

  When the cookie preference is set to "ask every time" the default button (highlighted & selected when I hit return or enter) is "allow." Can I change the default button to "allow for session" so I don't have to use the mouse to select it?

  Here's the cookie preference dialog box (click picture below)

• Anyone want to use a real session drummer for free?

  Hi everyone, my name is David.  If anyone is interested, I'm willing to do what's called "online session drumming" for free. 
  Why for free? I want to gain more experience in session drumming for customers from afar, plus doing this kind of work is a great way for me to stay engaged and be creative as a drummer without being tied to a specific band. 
  I do alot as far as studio/session drumming and using GarageBand for some side projects in music production.
  What can I provide you? I record my drum tracks in GB with Addictive Drums by playing on an expanded Yamaha DTX950K drum kit.  If you are unfamiliar with these products, I encourage you to look them up so you can appreciate the professional track I can give your song. 
  My strongest areas are Rock-Centric, but I have taken lessons in hip-hop, jazz, and Latin percussion as well.  I use a Pearl Eliminator double-bass pedal for applications where double bass is appropriate, so if you need metal drumming don't hesitate to ask.  I know the new drummer feature is a great improvement but nothing can compare to a real drum track created specifically for a song with the songwriters exact desires in mind.
  If you are interested, contact me through this forum or e-mail me at [email protected]  I'd be happy to send you a sample or two of what I've done in other projects and discuss what you are looking for in your project to determine if I can help get you the sound you want.  What I'm offering for free goes for $200 an hour and up, but you can have it for free by providing me an outlet for my hobby.

  Basically you would want to connect the D-Link directly, using an Ethernet cable, to the LAN port of the AEBSn, and then, reconfigure the D-Link as a bridge to allow the AEBSn to continue to provide NAT & DHCP services for the entire wired/wireless network. The AEBSn then can be reconfigured for either the "802.11n only (2.4 GHz)" or "802.11n only (5 GHz)" radio mode.