How to get the session timeout in Siteminder.
In our application, users get access by logging in through Siteminder. One peculiar problem is that if a user is left idle in our application for about 20 minutes, then after 20 minutes, when he tries to access or do something, it gives fatal exceptions.
How do I get the session timeout from Siteminder? I am using Servlet filters for authentication.
I created a public app in Oracle Apex 20.1
I set session management like that --> session management
Application has no authentication and every page is public.
Unfortunately, in the application logs I found many errors with the "Your session has expired" message. It occurs multiple times at exactly the same time. In the user column there is a null value instead of nobody.
Logs from application
I would appreciate any advice on how to fix my app.
This is expected behaviour, there is nothing wrong with your application. Every page rendering in APEX is a session - that is also true for public pages. The user is set to "nobody", indicating that the session is not authenticated. When a user leaves his browser open, eventually the session will time out.
You can increase the session idle time in Shared Components > Security attributes, but sessions will still time out when they're idle for longer than this value.
The entries you're seeing in the application log seem to be coming from an AJAX request, not from a page rendering action. This is hard to diagnose with no info about your application. I'm assuming you have a dynamic action or some JavaScript code with a timer to refresh the page or a page region. Once the session expires, those AJAX requests start erroring out. What you could do is figure out what component/process is throwing the error message and put some logic in it so it only fires if the session is valid (using APEX_CUSTOM_AUTH.IS_SESSION_VALID).
Scenario:
We have our custom IDP (Spring Boot) and 2-3 clients (Spring Boot) in Keycloak. We're letting users authenticate through the OIDC flow.
Keycloak SSO Session Idle: 30 Minutes (Default)
Client 1: Session Expiry > 45 Minutes
Client 2: Session Expiry > 15 Minutes
Problem:
When Client 1 logs in, their session expiry should be set to 45 minutes, but after 30 minutes of idle screen it gets logged out.
When Client 2 logs in, their session expiry should be set to 15 minutes. After 15 minutes the client session gets killed on the client app server, but it is still present in Keycloak. So until 30 minutes the session is still present in Keycloak, and if we hit the URL we get logged in.
Question:
Can we set session expiry as per the client's request? Or, put another way, can we override the Keycloak SSO Session Idle through the auth request or through an API?
We simply want to use the client's session expiry/timeout.
In my application I use JHipster, Spring Boot, Spring Security, REST API, AngularJS, Spring Boot.
I know that we can set the session timeout value in the yml file.
But what I wanted to understand is how the time interval is calculated in such applications.
Ex: Suppose session timeout = 60 secs.
The user logs in and keeps the browser idle for 70 seconds. Now, after 70 seconds, when the user hits some button, a pop-up is displayed. So I wanted to know where the calculation of the difference between the two REST endpoint calls is done, because after the session timeout interval, if I hit any API I get a session timeout.
The session timeout is computed by the embedded servlet engine (Jetty, Tomcat or Undertow); it keeps a collection of all active sessions and the time of last access.
On the first request, a session object is created on the server and a session cookie containing its id is sent back in the response; the server also stores the time of last access in the session object.
When your second request is processed, the server extracts the session id from the session cookie, then finds the session object matching this id and compares the current time with the last access time.
In a web app I am developing using express.js, I am having a problem expiring sessions when a user has not been active for more than 10 minutes. I am using connect-couchdb as the session store.
I tried setting req.session.cookie.maxAge = 600000. But this causes the session to expire 10 mins after logging in, irrespective of user activity. My understanding of the documentation is that req.session.touch() will be called automatically by the connect middleware and hence maxAge (and the expires date) should get refreshed so it lasts another 10 mins, but it is not happening!!
I also tried setting maxAge to 600000 on each request and calling req.session.save() but even then there is no effect.
What am I doing wrong?
You are not doing anything wrong---this is a bug in Connect. The session cookie gets updated in the server, but not pushed to the client, and so the client keeps trying to use the old cookie, which will expire sooner than you want.
More details and discussion here.
In my web application (jsp/servlet) there is a web page which creates an Ajax request periodically to grab the latest data from the server. This page is the main page, which is always open once the user logs in to the system, while other pages open in new browser windows (due to user events).
I have to invalidate user sessions which are idle for more than 30 minutes. For that I use the Tomcat session timeout feature. But the thing is, most of the time user sessions which are idle for 30 min are not invalidated.
But sometimes user sessions are invalidated by Tomcat after 30 min. I think this is because the main page sends Ajax requests periodically without idling the session.
I want to know whether Tomcat can't distinguish the auto-generated requests from user events and invalidate the session properly. Please give any ideas on this, it will be very helpful for me.
Dinesh
I don't think you have a choice here - if Tomcat identifies and ignores the AJAX request, you'll lose the functionality it provides for you.
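The bookkeeping described in the servlet-engine answer above (a last-access time per session, compared with the current time on each request), as an added example that is not code from any of the posts or from Tomcat. It goes one step further for the periodic-AJAX case in the last question by keeping a second, application-level clock that background polls do not reset. The SessionStore class, the isBackgroundPoll flag and the session ids are assumptions made for this sketch; the timeline uses the 60-second timeout from the JHipster question.

```javascript
// Added example: idle-timeout bookkeeping with a separate user-activity clock.
class SessionStore {
  constructor(idleTimeoutMs) {
    this.idleTimeoutMs = idleTimeoutMs;
    this.sessions = new Map(); // session id -> { lastAccess, lastUserActivity }
  }

  // First request: create the session object. The id goes back in the cookie.
  // Ids here are constructed labels; a real id must come from a CSPRNG.
  create(id, now) {
    this.sessions.set(id, { lastAccess: now, lastUserActivity: now });
    return id;
  }

  // Later requests: find the session by the id from the cookie and compare
  // the current time with the stored time. isBackgroundPoll is a hypothetical
  // flag the application derives itself, e.g. from a header that only its own
  // polling script sends.
  access(id, now, isBackgroundPoll = false) {
    const s = this.sessions.get(id);
    if (!s) return 'unknown';
    if (now - s.lastUserActivity > this.idleTimeoutMs) {
      this.sessions.delete(id); // invalidate server-side, not only the cookie
      return 'expired';
    }
    s.lastAccess = now; // recorded for every request, polls included
    if (!isBackgroundPoll) s.lastUserActivity = now; // real user actions only
    return 'active';
  }
}

// Constructed timeline in milliseconds, idle timeout 60 s.
function demo() {
  const store = new SessionStore(60000);
  store.create('sid-idle', 0);
  store.create('sid-polled', 0);
  return [
    store.access('sid-idle', 50000),         // 50 s idle: still active
    store.access('sid-idle', 120000),        // 70 s since last access: expired
    store.access('sid-idle', 121000),        // id is gone after invalidation
    store.access('sid-polled', 30000, true), // poll at 30 s is served
    store.access('sid-polled', 59000, true), // poll at 59 s is served
    store.access('sid-polled', 70000, true), // polls never reset the idle clock
  ];
}

console.log(demo());
```

If the expiry check used lastAccess instead of lastUserActivity, the polled session in this timeline would never expire, which is the behaviour the Tomcat question reports.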