Session Timeout in weblogic 6.1 SP3-- Urgent - weblogic.developer.interest.wls6.1(Archived)

Hi
We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

Related

Urgent: session invalidate problem

Guys:
Has anyone had a issue with session.invalidate() using weblogic 8.1.
we have vignette portal and weblogic 8.1.
the problem i have noticed is session.getId retunrns a extra timestamp string in the end. And i am thinking since this changes the entire sessionid, it does not get invalidated. I tried adjusting the weblogic.xml's idlength session-param to 52 but this still happens after that. can anyone suggest any insights. i am unable to kill the session and hence the user is always logged in. the only way is to close to broswer window.

Session Timeout in weblogic 6.1 SP3-- Urgent

Hi
          We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
          What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

Session invalidate issue- need help.

Guys:
Has anyone had a issue with session.invalidate() using weblogic 8.1.
we have vignette portal and weblogic 8.1.
the problem i have noticed is session.getId retunrns a extra timestamp string in the end. And i am thinking since this changes the entire sessionid, it does not get invalidated. I tried adjusting the weblogic.xml's idlength session-param to 52 but this still happens after that. can anyone suggest any insights. i am unable to kill the session and hence the user is always logged in. the only way is to close to broswer window.
session id:
F1z2YTQMyD3Yy1Xs4VBHyq3M7LWVfYMnvWJgYLnrR3cPYnKL9NW9!-682555724!1170191618061
any help will be appreciated..thanks.
Harsh

http session timeout - WL 6.1

Hello,
I have the session timeout parameter for a webapp set at one hour via
the console. (webapp -> edit application descriptor etc...) As opposed
to having the parameter in weblogic.xml or web.xml.
The issue I am having is that although the above configuration seems
to work, in that the session does get expired after one hour, it appears
that weblogic does not rely on the browser for this i.e. if you look at
the session cookie in the browser, it says that it expires at 'end of
session' - meaning when the browser window is closed. Weblogic
apparently is keeping its own timestamp of when the session should
expire and resetting the cookie at that point.
Can someone confirm if this is in fact the case? and if so, is there
any way to alter that behaviour? For reasons too long-winded to go into
here, this is causing a problem for me.
Thanks very much,
-evan.
Evan,
Yes - - the WLS servlet container keeps track of the session timeout. I'm wondering
if you could keep a timeout value in the cookie (cookie.setValue) and then reset
the amount of time the container waits before invalidating the session (session.setMaxInactiveInterval?
Would that work?
Chuck Nelson
DRE
BEA Technical Support

Lingering Sessions - Weblogic 6.1 SP2

We're running an application on WL 6.1 SP2. We have Apache on Linux as the
web servers in front.
The problem we're having is this:
When a user logs in we create a session of the request
(request.getSession(true)). In other places, when we need to access that
user's session, we explicitly call getSession(false). When the user logs
out, we explicly call session.invalidate.
When running a load test of, say, 100 users (the process is user logs in,
performs actions, and then logs out) over and over, we're seeing sessions
around 700 in the console. Even when we do a force GC, the session count
only drops 50 or so. It's as if there are lingering sessions.
I've been scanning through eDocs to find how to resolve this. One person
suggested that since the user is logged out and redirected to the login.jsp
page, WL is not releasing the session, since login.jsp is served by the app
server. Since we are explicitly calling session.invalidate I struggle with
this conclusion. The session is not created until login.jsp posts to the
login servlet.
Any pointers to where I can read up on this would be greatly appreciated!
Even you invalidate your session, it doesn't mean WLS will recalim
everything. It has it's own implementation of session clean, which will
check for all invalidate session and timeout session and it will reclaim
those session. Running of these thread can be controlled by a parameter in
weblogic.xml
InvalidationIntervalSecs
60
Sets the time, in seconds, that WebLogic Server waits between doing
house-cleaning checks for timed-out and invalid sessions, and deleting the
old sessions and freeing up memory. Use this parameter to tune WebLogic
Server for best performance on high traffic sites.
The minimum value is every second (1). The maximum value is once a
week (604,800 seconds). If unset, the parameter defaults to 60 seconds.
"William Johnson" <wjohnson#ivc.cc.ca.us> wrote in message
news:3d6fb394#newsgroups.bea.com...
We're running an application on WL 6.1 SP2. We have Apache on Linux asthe
web servers in front.
The problem we're having is this:
When a user logs in we create a session of the request
(request.getSession(true)). In other places, when we need to access that
user's session, we explicitly call getSession(false). When the user logs
out, we explicly call session.invalidate.
When running a load test of, say, 100 users (the process is user logs in,
performs actions, and then logs out) over and over, we're seeing sessions
around 700 in the console. Even when we do a force GC, the session count
only drops 50 or so. It's as if there are lingering sessions.
I've been scanning through eDocs to find how to resolve this. One person
suggested that since the user is logged out and redirected to thelogin.jsp
page, WL is not releasing the session, since login.jsp is served by theapp
server. Since we are explicitly calling session.invalidate I strugglewith
this conclusion. The session is not created until login.jsp posts to the
login servlet.
Any pointers to where I can read up on this would be greatly appreciated!

Categories

Resources