Questions Tagged With session

Logging last login of a user

timorupp — Tue, 02 Jul 2019 02:46:52 -0400

In my application, users can log-in in various ways...

SSO: WAF via Tomcat valve
SSO: IIS integration
directly on the portal's login page (only for test/development systems)

Now I have the challenge to create a mechanism that can log last successful login of a user and write this information to my application DB or to the user in Ivy system DB.

Which options do I have to do this?

How to remove a "unknown user"-session

Stefan — Wed, 27 Mar 2019 08:02:06 -0400

If I logout a user from it's session (session.logoutSessionUser()), the session is still existing with an "unknown user".

    ISecurityManager secMgr = SecurityManager.getSecurityManager();
    for (ISession ssn : secMgr.getSessions()) {
        if (ssn.getSessionUserName().equalsIgnoreCase("xyz")) {
            ssn.logoutSessionUser();
        }           
    }

The session disappears only after a timeout (that might be the timeout defined in the tomcat configuration)

However: Is there a way to close/kill a session immediately after logging out a user?

Session Fixation with Axon.ivy

Bao Tran — Wed, 03 Jan 2018 04:25:25 -0500

Hi everyone, as far as I can find, every time user logs in with IVY Portal, the session is kept (not renewed). You can check this via JSESSIONID. Thus, it leads to session fixation attack.
May Axon.ivy provide a mechanism to prevent this kind of attack? I am using Axon.ivy 6.3.0.
Thank you.

Can I reduce the session-views that are held in the engine memory?

SupportIvyTeam — Fri, 03 Nov 2017 04:49:22 -0400

The Axon.ivy ivy Engine caches 20 JSF Dialog views per session. As I have a huge dialog with lots of sub-Dialogs this consuming a lot of memory on the Engine. Can I somehow reduce the amount of cached views?

How to extend a user session time programmatically?

Emmanuel — Fri, 31 Mar 2017 10:47:49 -0400

Dear Ivy support,

Using Ivy 6.2 we set the User session time-out value in the web.xml. Is there a way to extend the session validity programmatically without any User action?

In a JSF context, would this method have any effect on the Ivy Session ? javax.faces.context.ExternalContext.setSessionMaxInactiveInterval(int interval) Specifies the time, in seconds, between client requests before the servlet container will invalidate this session.

Thanks in advance Emmanuel

findWorkTasks() never returns tasks in TaskState.RESUMED state

Jailson Brito — Wed, 01 Feb 2017 15:45:36 -0500

Hello.

Using engine 6.0.5, I am trying to query tasks that the session user is working or can work on.

According to the docs, findWorkTasks() can return tasks in states TaskState.SUSPENDED, TaskState.CREATED, TaskState.RESUMED, TaskState.PARKED.

When I use it like this:

result = ivy.session.findWorkTasks(filter, order, first, pageSize, true, EnumSet.of(TaskState.SUSPENDED, TaskState.RESUMED));

It never returns TaskState.RESUMED tasks, only TaskState.SUSPENDED.

Just to double check if I have resumed tasks, I tried the following call and it returns the TaskState.RESUMED tasks. result = ivy.session.findLockedWorkTasks(filter, order, first, pageSize, true, EnumSet.of(TaskState.RESUMED));

What am I doing wrong on my use of findWorkTasks()?

Thanks in advance,

Language of system session

tauser — Fri, 07 Oct 2016 13:50:26 -0400

Hello, how is the rule which language has the system session ? Can we set the langauge of system session for the whole application ?

Thanks

Karel

Is there any possible way to switch SYSTEM session to another regular user's session in a ProgramStart execution?

Genzer Hawker — Fri, 27 May 2016 07:54:55 -0400

In our project, we use ProgramStart to implement cron jobs. The executions will always be carried on by the SYSTEM user using only one ISession(id = 0).

The problem is, we heavily store plenty of Context Information (authentication token, user-session-specific data, etc) into ISession.setAttribute(). It works well on normal situation with logged-in Ivy user. However, because in background jobs, there is only one session, each execution will interfere with each others, trying to set and get the Context Information.

In addition, this happens the same with Signals since execution of those also delegated to SYSTEM.

I've tried to call ivy.session.login() but it threw exception since Axon.ivy refuse to allow logging out of SYSTEM user.

My question is: Is there any possible way to switch from SYSTEM sessions to regular normal user's session?

Thanks

Assign and revoke Role to Session User dynamically

Emmanuel — Thu, 31 Mar 2016 10:26:20 -0400

Hello,

I need to assign and revoke Ivy Role dynamically on the session user. If I understand the API documentation well, the following method assigns the given role to the session, the role should be automatically unassigned after logout: Ivy.session().assignRole(role);

Here the API documentation:

@PublicAPI(value=EXPERT) Assigns a role to the session. Parameters:role The role to assign

The problem is that I need also to revoke an Ivy Role dynamically, I could not find a method like Ivy.session().revokeRole(IRole role) or Ivy.session().unassignRole(Irole role). Is there a possibility to do that?

Thanks a lot in advance.

Emmanuel

how to use PrimeFaces idleMonitor?

enricojl — Mon, 30 Nov 2015 20:23:43 -0500

I'd like to call a process event from the idlemonitor tag. when I do

<p:idleMonitor timeout="5000"  onidle="#{logic.onIdle}" />

I get the following error : javax.el.PropertyNotFoundException: Property 'onIdle' not found on type com.sun.proxy.$Proxy118

I can't seem to get access to logic... inside the idelMonitor but if I open a dialog and press a button, it works; but I want to call the logic.method before the user has to click any button. is it possible.

here is the dialog.

            <p:dialog widgetVar="idleDialog" modal="true"
                header="Période d'inactivité écoulée"
                style="width: 300px">
                <p:panelGrid columns="1">
                    <p:outputLabel>
                        <p>Cette page est demeurée inactive pour plus de 20 minutes. </p>
                        <p>Votre demande a été enregistrée et conservée dans vos tâches.</p> 
                    </p:outputLabel>
                    <p:commandButton actionListener="#{logic.onIdle}" onclick="PF('idleDialog').hide()"
                        value="#{ivy.cms.co('/label/demande/continue')}" />
                </p:panelGrid>
            </p:dialog>

Maximum "concurrent session"

dbalasse — Thu, 30 Jul 2015 18:31:34 -0400

Is it possible to configure the number of "concurrent session" ?

I use here the term "concurrent session" as explained in this thread http://answers.axonivy.com/questions/158/what-exactly-is-regarded-as-a-concurrent-session "All sessions in which the same user is logged"

Detect a user session is closing because of timeout

Emmanuel — Sat, 13 Jun 2015 10:22:25 -0400

Hi everybody,

Is there a way to detect a user session is closing because of a timeout? There is the "unload" event that can be catched in an ULC Rich Dialog for performing some stuff when the user close a Dialog. Is there something similar for a session timeout?

If not it would be very usefull to have such a possibility.

Thanks in advance Emmanuel

SSO on Apache: not logged in to Ivy but in tomcat?

Alexis — Wed, 13 May 2015 09:04:14 -0400

Hello Ivy-Comunity!

When logged in to Apache (and to Tomcat) the User is not taken by Ivy.

In a testing environment I have the following constellation:

Linux environment with Ivy 5.1.3 attached to AD
Apache Server with Kerberos Login attached to the same AD
Ajp-Connector to Ivy-Tomcat
A jsp testing Page in the Ivy-Environment (applicationHome on the Application-wf-Page)

So this Page shows me by asking request.getRemoteUser() that this User is logged in: Hans.Tester@TESTENV.LOCAL and a HTTP Session request.getSession().getId(). But getting the Ivy-User by ivySession.getSessionUser() returns null. Except when Logged in manualy the result Hans.Tester for the Ivy-Session.

So why is that? Or how can I make shure, that the Session is taken correctly by ivy?

First guess is, that the username comes with the Environment (TESTENV.LOCAL). If it is the Issue, how to shut that down?

With further investigation I found out more:

In a Windows-Environment under IIS the UserName of the Tomcat-Session is in this format: TESTENV\Alexis.Suter
The Ivy-Session is not saved into Tomcat-request. (When only logging in to Ivy)

Thanks in advance!

Temporary (Ivy) file created by System session will not be deleted

Genzer Hawker — Fri, 16 Jan 2015 09:24:48 -0500

In the documentation of Ivy File (emphasis mine)

A File object can be used to read/write temporary or persistent data. IvyScript Files are created in a confined area that belongs to the running application. Temporary files are created in a session-specific file area and are automatically deleted if a session ends. Temporary Files can be made persistent.

If a temporary File is created, it will be located at {app}/files/sessions/{sessionId}/. The files then will be deleted if the session is invalidated.

Unfortunately, this isn't true for temporary files created by SYSTEM user. The SYSTEM user's session is always have the id of 0, hence all files created in SYSTEM user's session will be located at {app}/files/sessions/0/.

It seems that Ivy Server will never invalidate SYSTEM user's session, thus all files located in the directory will by left there undeleted (same as persistent file).

I don't know whether this is a known fact as a consequence of the implementation that SYSTEM user will never be invalidated or it should be considered (somehow) as a bug?

Thanks for considering my question.

Regards