I couldn't find information on the algorithm used by jBoss 7 to generation session IDs and I need to know what characters are possible. I noticed that sometimes the session ID has characters like: + * . etc... This seems different than jBoss 5 which was only alphanumeric.
Can you help me determine what characters are allowed for a jBoss 7 generated session ID?
Thanks
Session ID generation is handled by org.apache.catalina.session.ManagerBase. The general format is as follows:
<encodedSessionId>.<jvmRoute>
ID encoding is based on:
SESSION_ID_ALPHABET = System.getProperty("org.apache.catalina.session.ManagerBase.SESSION_ID_ALPHABET", "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+_")
The jvmRoute part is usually environment dependent (it may be used for handling session affinity in a cluster).
Related
I have a scheduled script execution that needs to persist a value between runs. It is updated with each run. Using gs.setProperty seemed like the natural place until I came across this:
Care should be taken when setting system properties (sys_properties)
using this method as it causes a system-wide cache flush. Each flush
can cause system degradation while the caches rebuild. If a value must
be updated often, it should not be stored as a system property. In
general, you should only place values in the sys_properties table that
do not frequently change.
Creating a separate table to store a single scalar value seems like overkill. Is there a better place to store it?
You could set a preference if you need it in the instance. Another place could be the events table. Log the event with the data in parm1 or parm2 and on next run query the most recent event.
I'd avoid making a table as that has cost implications for some clients. I agree with the sys_properties.
var encrypter = new GlideEncrypter();
var encrypted = encrypter.encrypt('Super Secret Phrase');
gs.info('encrypted: ' + encrypted);
var decrypted = encrypter.decrypt(encrypted);
gs.info('decrypted: ' + decrypted);
/**
*** Script: encrypted: g/bXLJHa7xNRMKZEo5q/YtLMEdse36ED
*** Script: decrypted: Super Secret Phrase
*/
This way only administrators could really read this data. Also if I recall correctly, the sysevent table is cleared after 7 days. You could have the job remove the event as soon as it has it in memory.
I have to update many rows (increment one value in each rows) in peewee database (SqliteDatabase). Some objects can be uncreated so I have to create them with default values before working with them. I would use ways which are in peewee docs (Atomic updates) but I couldn't figure out how to mix model.get_or_create() and in [my_array].
So I decided to make queries in a transaction to commit it once at the end (I hope it does).
Why I'm writting in stack overflow is because I don't know how to work with db.atomic() with threading (I tested with 4 workers) in Huey because .atomic() locks the connection (peewee.OperationalError: database is locked). I've tried to use #huey.lock_task but it's not a solution of my problem as I've found.
Code of my class:
class Article(Model):
name = CharField()
mention_number = IntegerField(default=0)
class Meta:
database = db
Code of my task:
#huey.task(priority=30)
def update(names): # "names" is a list of strings
with db.atomic():
for name in names:
article, success = Article.get_or_create(name=name)
article.mention_number += 1
article.save()
Well, if you're using a recent version of Sqlite (3.24 or newer) you can use Postgres-style upsert queries. This is well supported by Peewee: http://docs.peewee-orm.com/en/latest/peewee/api.html#Insert.on_conflict
To answer the other question about shared resources, it's not clear from your example what you would like to happen... Sqlite only allows one write transaction at a time. So if you are running several threads, only one of them may be writing at any given time.
Peewee stores database connections in a thread local, so Peewee databases can be safely used in multithreaded applications.
You didn't mention why huey lock_task wouldn't work.
Another suggestion is to try using WAL-mode with Sqlite, as WAL-mode allows multiple reader transactions to co-exist with a single writer.
I need to do a device discovery which is working fine for version 1,2 because the community name by default "public" help me on this, but for the version 3 the credentials are required, do ou know any tool o method to know that ?
As described in https://www.rfc-editor.org/rfc/rfc3414#section-4 you can send an empty v3 pdu. If the device supports v3 protocol it will respond (a report message) with it's snmpEngineID.
'This may be accomplished by generating a Request message with a securityLevel of noAuthNoPriv, a msgUserName of zero-length, a msgAuthoritativeEngineID value of zero length, and the varBindList left empty.'
#DominikPawlak already shows the RFC compliant approach. If you want some code sample, #SNMP has a sample called snmpdiscover,
http://sharpsnmplib.codeplex.com/wikipage?title=SNMP%20Device%20Discovery&referringTitle=Documentation
I have a webservice that stores an authenticated users token in the HttpRuntime.Cache to be used on all subsequent requests. The cached item has a sliding expiration on it of 24 hours.
Secondly I have a vb.net app that is pinging this webservice every 15 seconds. It gets authenticated once, then uses the cached token for all subsequent requests. My problem is that the application appears to lose authentication at random intervals of time less than the 24 hr sliding expiration. However with it getting pinged every 15 sec the authentication should never expire.
I am looking for a way to view the HttpRuntime.cache to try and determine if the problem is in the webservice security methods or within the vb.net app. Can I view the HttpRuntime.cache somehow?
The webservice is part of a web forms site that was built with asp.net 2.0 on a Windows Server 2008.
The name of my key's were unknown as they were system generated guid values with a username as the value. So in order to view a cache collection that was unknown I used a simple loop as follows.
Dim CacheEnum As IDictionaryEnumerator = Cache.GetEnumerator()
While CacheEnum.MoveNext()
Dim cacheItem As String = Server.HtmlEncode(CacheEnum.Entry.Key.ToString())
Dim cacheItem2 As String = Server.HtmlEncode(CacheEnum.Entry.Value.ToString())
Response.Write(cacheItem & ":" & cacheItem2 & "<br />")
End While
Hope this helps others.
First off, HttpRuntime.Cache would not be the best place to store user authentication information. You should instead use HttpContext.Current.Session to store such data. Technically the cache is allowed to "pop" things in it at its own will (whenever it decides to).
If you actually need to use the cache, you can check if your item is in the cache by simply doing:
HttpRuntime.Cache["Key"] == null
I'm having a stale attribute with the http session within Websphere 6 and may be related to in memory session replication..
Steps:
Object A.0 - Placed into the session with ID "ABC"
Remove A.0 from the session..
Object A.1 (New instance) - placed into Session with ID "ABC"
retrieve object with ID "ABC" from the session - RESULT: A.1 (Correct)
carry out a Servlet forward or a redirect (issues seen on both functions)..
retrieve "ABC" from the session - RESULT: A.0, the object that was removed from the session..
Notes -
Same Session object (hashcode/session ID) used in steps 1-5 using in
memory replication across 2 JVMs (single cluster)
time duration between steps 2 & 5 is total of 4 seconds
No other external threads have accessed the session in the interim..
Only noticed for 1 specific use-case; haven't encountered this in
other use-cases..
Anyone seen anything like this before where a stale data is being returned from the websphere application server?
Thanks,
Ian.
Are you explicitly writing the changed object back to the session before you forward/redirect? In at least some versions of WebSphere, in some configurations, you must do this to ensure the change is "committed".
(If I find a clear reference for this, I'll update my answer.)